CVE-2004-2761

Publication date 5 January 2009

Last updated 6 June 2026

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Status

Package Ubuntu Release Status
firefox 8.10 intrepid Not in release
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
6.06 LTS dapper
Fixed 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2
nss 8.10 intrepid
Fixed 3.12.0.3-0ubuntu5.8.10.1
8.04 LTS hardy
Fixed 3.12.0.3-0ubuntu0.8.04.5
7.10 gutsy
Fixed 3.11.5-3ubuntu0.7.10.2
6.06 LTS dapper Not in release

Severity score breakdown

Parameter Value
Base score 9.8 · Critical
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities