CVE-2003-0147

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html Vendor Advisory
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.kb.cert.org/vuls/id/997481 Third Party Advisory US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
http://www.openssl.org/news/secadv_20030317.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html Vendor Advisory
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.kb.cert.org/vuls/id/997481 Third Party Advisory US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
http://www.openssl.org/news/secadv_20030317.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
History

20 Nov 2024, 23:44

Type Values Removed Values Added
References () ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt - () ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt -
References () ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I - () ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I -
References () http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html - Vendor Advisory () http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html - Vendor Advisory
References () http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf - () http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf -
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 -
References () http://marc.info/?l=bugtraq&m=104766550528628&w=2 - () http://marc.info/?l=bugtraq&m=104766550528628&w=2 -
References () http://marc.info/?l=bugtraq&m=104792570615648&w=2 - () http://marc.info/?l=bugtraq&m=104792570615648&w=2 -
References () http://marc.info/?l=bugtraq&m=104819602408063&w=2 - () http://marc.info/?l=bugtraq&m=104819602408063&w=2 -
References () http://marc.info/?l=bugtraq&m=104829040921835&w=2 - () http://marc.info/?l=bugtraq&m=104829040921835&w=2 -
References () http://marc.info/?l=bugtraq&m=104861762028637&w=2 - () http://marc.info/?l=bugtraq&m=104861762028637&w=2 -
References () http://www.debian.org/security/2003/dsa-288 - () http://www.debian.org/security/2003/dsa-288 -
References () http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml - () http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml -
References () http://www.kb.cert.org/vuls/id/997481 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/997481 - Third Party Advisory, US Government Resource
References () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035 - () http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035 -
References () http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html - () http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html -
References () http://www.openssl.org/news/secadv_20030317.txt - () http://www.openssl.org/news/secadv_20030317.txt -
References () http://www.redhat.com/support/errata/RHSA-2003-101.html - () http://www.redhat.com/support/errata/RHSA-2003-101.html -
References () http://www.redhat.com/support/errata/RHSA-2003-102.html - () http://www.redhat.com/support/errata/RHSA-2003-102.html -
References () http://www.securityfocus.com/archive/1/316165/30/25370/threaded - () http://www.securityfocus.com/archive/1/316165/30/25370/threaded -
References () http://www.securityfocus.com/archive/1/316577/30/25310/threaded - () http://www.securityfocus.com/archive/1/316577/30/25310/threaded -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466 -
Information

Published : 2003-03-31 05:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0147

Mitre link : CVE-2003-0147

CVE.ORG link : CVE-2003-0147

JSON object : View

Products Affected

openssl

  • openssl

openpkg

  • openpkg

stunnel

  • stunnel
CWE
NVD-CWE-Other