ID CVE-2003-0147
Summary OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
References
Vulnerable Configurations
  • cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
  • cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
    cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 19-10-2018 - 15:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2007-04-25T19:52:32.667-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
description OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
family unix
id oval:org.mitre.oval:def:466
status accepted
submitted 2003-08-11T12:00:00.000-04:00
title OpenSSL No RSA Blinding Vulnerability
version 35
redhat via4
advisories
  • rhsa
    id RHSA-2003:101
  • rhsa
    id RHSA-2003:102
  • rhsa
    id RHSA-2003:205
refmap via4
apple APPLE-SA-2003-03-24
bugtraq
  • 20030313 Vulnerability in OpenSSL
  • 20030317 [ADVISORY] Timing Attack on OpenSSL
  • 20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
  • 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL
  • 20030327 Immunix Secured OS 7+ openssl update
caldera CSSA-2003-014.0
cert-vn VU#997481
conectiva CLA-2003:625
confirm http://www.openssl.org/news/secadv_20030317.txt
debian DSA-288
engarde ESA-20030320-010
freebsd FreeBSD-SA-03:06
gentoo
  • GLSA-200303-15
  • GLSA-200303-23
  • GLSA-200303-24
immunix IMNX-2003-7+-001-01
mandrake MDKSA-2003:035
misc http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
openpkg OpenPKG-SA-2003.019
sgi 20030501-01-I
vulnwatch 20030313 OpenSSL Private Key Disclosure
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 19-10-2018 - 15:29
Published 31-03-2003 - 05:00
Back to Top