ID CVE-2003-0131
Summary The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.6
    cpe:2.3:a:openssl:openssl:0.9.6
  • OpenSSL Project OpenSSL 0.9.6a
    cpe:2.3:a:openssl:openssl:0.9.6a
  • OpenSSL Project OpenSSL 0.9.6b
    cpe:2.3:a:openssl:openssl:0.9.6b
  • OpenSSL Project OpenSSL 0.9.6c
    cpe:2.3:a:openssl:openssl:0.9.6c
  • OpenSSL Project OpenSSL 0.9.6d
    cpe:2.3:a:openssl:openssl:0.9.6d
  • OpenSSL Project OpenSSL 0.9.6e
    cpe:2.3:a:openssl:openssl:0.9.6e
  • OpenSSL Project OpenSSL 0.9.6g
    cpe:2.3:a:openssl:openssl:0.9.6g
  • OpenSSL Project OpenSSL 0.9.6h
    cpe:2.3:a:openssl:openssl:0.9.6h
  • OpenSSL Project OpenSSL 0.9.6i
    cpe:2.3:a:openssl:openssl:0.9.6i
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
  • OpenSSL Project OpenSSL 0.9.7a
    cpe:2.3:a:openssl:openssl:0.9.7a
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-035.NASL
    description Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the 'Bleichenbacher attack' on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14019
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14019
    title Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)
  • NASL family Web Servers
    NASL id OPENSSL_PASSWORD_INTERCEPTION.NASL
    description According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of the server. An attacker may use this implementation flaw to sniff the data going to this host and decrypt some parts of it, as well as impersonate the server and perform man-in-the-middle attacks.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 11267
    published 2003-02-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=11267
    title OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-288.NASL
    description Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities : CAN-2003-0147 OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key. CAN-2003-0131 The SSL allows remote attackers to perform an unauthorized RSA private key operation that causes OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15125
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15125
    title Debian DSA-288-1 : openssl - several vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-102.NASL
    description Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. [Updated 30 May 2003] Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and provides a full-strength general purpose cryptography library. Researchers discovered a timing attack on RSA keys. Applications making use of OpenSSL are generally vulnerable to such an attack, unless RSA blinding has been turned on. OpenSSL does not use RSA blinding by default and most applications do not enable RSA blinding. A local or remote attacker could use this attack to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (Karatsuba and normal). In order for an attack to be successful, an attacker must have good network conditions that allow small changes in timing to be reliably observed. Additionally, the SSL and TLS components for OpenSSL allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack. This attack (also known as the Klima-Pokorny-Rosa attack) uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding to cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext. These erratum packages contain a patch provided by the OpenSSL group that enables RSA blinding by default, and protects against the Klima-Pokorny-Rosa attack. Because server applications are affected by these vulnerabilities, we advise users to restart all services that use OpenSSL functionality or, alternatively, reboot their systems after installing these updates.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 12380
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12380
    title RHEL 2.1 : openssl (RHSA-2003:102)
oval via4
accepted 2007-04-25T19:52:32.405-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
family unix
id oval:org.mitre.oval:def:461
status accepted
submitted 2003-08-11T12:00:00.000-04:00
title Klima-Pokorny-Rosa Attack Vulnerability
version 35
redhat via4
advisories
  • rhsa
    id RHSA-2003:101
  • rhsa
    id RHSA-2003:102
refmap via4
bid 7148
bugtraq
  • 20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
  • 20030324 GLSA: openssl (200303-20)
  • 20030327 Immunix Secured OS 7+ openssl update
caldera CSSA-2003-014.0
cert-vn VU#888801
conectiva CLA-2003:625
confirm
debian DSA-288
engarde ESA-20030320-010
freebsd FreeBSD-SA-03:06
gentoo GLSA-200303-20
immunix IMNX-2003-7+-001-01
mandrake MDKSA-2003:035
misc
netbsd NetBSD-SA2003-007
openpkg OpenPKG-SA-2003.026
sgi 20030501-01-I
suse SuSE-SA:2003:024
trustix 2003-0013
xf ssl-premaster-information-leak(11586)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-02-2017 - 00:04
Published 24-03-2003 - 00:00
Last modified 19-10-2018 - 11:29