CVE-2003-0147

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html Vendor Advisory
http://www.kb.cert.org/vuls/id/997481 Third Party Advisory US Government Resource
http://www.openssl.org/news/secadv_20030317.txt
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://www.debian.org/security/2003/dsa-288
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
Information

Published : 2003-03-30 21:00

Updated : 2018-10-19 08:29

NVD link : CVE-2003-0147

Mitre link : CVE-2003-0147

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

openpkg

  • openpkg

openssl

  • openssl

stunnel

  • stunnel