OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:44
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt - | |
References | () ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I - | |
References | () http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html - Vendor Advisory | |
References | () http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf - | |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 - | |
References | () http://marc.info/?l=bugtraq&m=104766550528628&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=104792570615648&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=104819602408063&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=104829040921835&w=2 - | |
References | () http://marc.info/?l=bugtraq&m=104861762028637&w=2 - | |
References | () http://www.debian.org/security/2003/dsa-288 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml - | |
References | () http://www.kb.cert.org/vuls/id/997481 - Third Party Advisory, US Government Resource | |
References | () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035 - | |
References | () http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html - | |
References | () http://www.openssl.org/news/secadv_20030317.txt - | |
References | () http://www.redhat.com/support/errata/RHSA-2003-101.html - | |
References | () http://www.redhat.com/support/errata/RHSA-2003-102.html - | |
References | () http://www.securityfocus.com/archive/1/316165/30/25370/threaded - | |
References | () http://www.securityfocus.com/archive/1/316577/30/25310/threaded - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466 - |
Information
Published : 2003-03-31 05:00
Updated : 2024-11-20 23:44
NVD link : CVE-2003-0147
Mitre link : CVE-2003-0147
CVE.ORG link : CVE-2003-0147
JSON object : View
Products Affected
stunnel
- stunnel
openssl
- openssl
openpkg
- openpkg
CWE