ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:43
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc - Broken Link | |
References | () ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I - Broken Link | |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 - Broken Link | |
References | () http://marc.info/?l=bugtraq&m=104567627211904&w=2 - Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=104568426824439&w=2 - Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=104577183206905&w=2 - Third Party Advisory | |
References | () http://www.ciac.org/ciac/bulletins/n-051.shtml - Broken Link | |
References | () http://www.debian.org/security/2003/dsa-253 - Broken Link, Vendor Advisory | |
References | () http://www.iss.net/security_center/static/11369.php - Broken Link, Vendor Advisory | |
References | () http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html - Broken Link | |
References | () http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020 - Broken Link | |
References | () http://www.openssl.org/news/secadv_20030219.txt - Broken Link, Patch, Vendor Advisory | |
References | () http://www.osvdb.org/3945 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-062.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-063.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-082.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-104.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-205.html - Broken Link | |
References | () http://www.securityfocus.com/bid/6884 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.trustix.org/errata/2003/0005 - Broken Link |
14 Feb 2024, 15:07
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=104568426824439&w=2 - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-062.html - Broken Link | |
References | (XF) http://www.iss.net/security_center/static/11369.php - Broken Link, Vendor Advisory | |
References | (NETBSD) ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc - Broken Link | |
References | (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570 - Broken Link | |
References | (TRUSTIX) http://www.trustix.org/errata/2003/0005 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-063.html - Broken Link | |
References | (MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020 - Broken Link | |
References | (CIAC) http://www.ciac.org/ciac/bulletins/n-051.shtml - Broken Link | |
References | (CONFIRM) http://www.openssl.org/news/secadv_20030219.txt - Broken Link, Patch, Vendor Advisory | |
References | (GENTOO) http://marc.info/?l=bugtraq&m=104577183206905&w=2 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2003/dsa-253 - Broken Link, Vendor Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-205.html - Broken Link | |
References | (SGI) ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I - Broken Link | |
References | (ENGARDE) http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html - Broken Link | |
References | (OSVDB) http://www.osvdb.org/3945 - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=104567627211904&w=2 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/6884 - Broken Link, Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-082.html - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-104.html - Broken Link | |
CWE | CWE-203 | |
CPE | cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* |
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:-:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:* |
Information
Published : 2003-03-03 05:00
Updated : 2024-11-20 23:43
NVD link : CVE-2003-0078
Mitre link : CVE-2003-0078
CVE.ORG link : CVE-2003-0078
JSON object : View
Products Affected
openbsd
- openbsd
freebsd
- freebsd
openssl
- openssl
CWE
CWE-203
Observable Discrepancy