var-200303-0010
Vulnerability from variot
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server's private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200303-0010", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "4.04" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "4.03" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "4.02" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "4.01" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "3.22" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "3.21" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "3.19" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "3.18" }, { "model": "stunnel", "scope": "eq", "trust": 1.9, "vendor": "stunnel", "version": "3.20" }, { "model": "stunnel", "scope": "eq", "trust": 1.6, "vendor": "stunnel", "version": "4.0" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.17" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.16" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.15" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.14" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.13" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.12" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.11" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.9" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.8" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.7" }, { "model": "stunnel", "scope": "eq", "trust": 1.3, "vendor": "stunnel", "version": "3.10" }, { "model": "openpkg", "scope": "eq", "trust": 1.3, "vendor": "openpkg", "version": "1.2" }, { "model": "openpkg", "scope": "eq", "trust": 1.3, "vendor": "openpkg", "version": "1.1" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6" }, { "model": "openpkg", "scope": "eq", "trust": 1.0, "vendor": "openpkg", "version": "*" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple computer", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "conectiva", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "covalent", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "crypto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "f5", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "foundry", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "fressh", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnu libgcrypt", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gnu tls", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "guardian digital", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "intoto", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandrakesoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openbsd", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openpkg", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssh", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sgi", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ssh security", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "slackware", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sorceror linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stonesoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "stunnel", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the sco group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "trustix secure linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "vandyke", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "wirex", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cryptlib", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "esoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mod ssl", "version": null }, { "model": "http server", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "2.0.44" }, { "model": "openssh", "scope": "lte", "trust": 0.8, "vendor": "openbsd", "version": "3.5" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "lte", "trust": 0.8, "vendor": "openssl", "version": "0.9.7b" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.2" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1.7.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.0.1.4" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.2" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.3" }, { "model": "database", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "9.2.0.4" }, { "model": "cobalt raq4", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "cobalt raq550", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "cobalt raqxtr", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.6 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "2.6 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7.0 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "7.0 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "8 (x86)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (sparc)" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "sun microsystems", "version": "9 (x86)" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "6.5" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "7" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "8" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.00" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.20" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.22" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.1" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.3" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "9" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "4.0.4" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "4.0.3" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "4.0.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "4.0.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.8" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.7" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.6" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.5" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.4" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.3" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.4" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.3.4" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.3.3" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.3.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.3.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.3" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.2.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.2.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.1.2" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.1.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.1" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "3.0" }, { "model": "securecrt", "scope": "eq", "trust": 0.3, "vendor": "vandyke", "version": "2.4" }, { "model": "cobalt raq xtr", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cobalt raq", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "550" }, { "model": "cobalt raq", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "4" }, { "model": "cobalt qube", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "3" }, { "model": "stunnel", "scope": "eq", "trust": 0.3, "vendor": "stunnel", "version": "4.00" }, { "model": "communications security ipsec express toolkit", "scope": null, "trust": 0.3, "vendor": "ssh", "version": null }, { "model": "communications security certificate/tls toolkit", "scope": null, "trust": 0.3, "vendor": "ssh", "version": null }, { "model": "irix", "scope": "eq", "trust": 0.3, "vendor": "sgi", "version": "6.5.19" }, { "model": "mgetty-sendfax-1.1.14-8.i386.rpm", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i standard edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i personal edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "oracle9i enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.3" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.2" }, { "model": "oracle9i application server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2.2" }, { "model": "oracle9i application server .1s", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0.2" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.2.0" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "9.0.1" }, { "model": "http server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "8.1.7" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "current", "scope": null, "trust": 0.3, "vendor": "openpkg", "version": null }, { "model": "mod ssl", "scope": "eq", "trust": 0.3, "vendor": "mod ssl", "version": "2.8.14" }, { "model": "igateway", "scope": "eq", "trust": 0.3, "vendor": "intoto", "version": "3.2" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.22" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.0" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.5" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.4" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.3" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.2" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.1" }, { "model": "transport layer security library", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "0.8.0" }, { "model": "libgcrypt", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "1.1.12" }, { "model": "libgcrypt", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "1.1.11" }, { "model": "libgcrypt", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "1.1.10" }, { "model": "libgcrypt", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "1.1.9" }, { "model": "libgcrypt", "scope": "eq", "trust": 0.3, "vendor": "gnu", "version": "1.1.8" }, { "model": "networks ironview", "scope": null, "trust": 0.3, "vendor": "foundry", "version": null }, { "model": "big-ip blade controller ptf-01", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2.3" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.4" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "3-dns", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.5" }, { "model": "crypto++ library", "scope": "eq", "trust": 0.3, "vendor": "crypto", "version": "5.0" }, { "model": "crypto++ library", "scope": "eq", "trust": 0.3, "vendor": "crypto", "version": "4.2" }, { "model": "fast start server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "3.3" }, { "model": "fast start server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "3.2" }, { "model": "fast start server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "3.1" }, { "model": "enterprise ready server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "2.3" }, { "model": "enterprise ready server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "2.2" }, { "model": "enterprise ready server", "scope": "eq", "trust": 0.3, "vendor": "covalent", "version": "2.1" }, { "model": "associates etrust security command center", "scope": "eq", "trust": 0.3, "vendor": "computer", "version": "1.0" }, { "model": "tru64 b", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64 a", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.1" }, { "model": "tru64 a", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "5.0" }, { "model": "tru64 g", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "4.0" }, { "model": "tru64 f", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "4.0" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.3" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.3" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2.1" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2-2" }, { "model": "openvms -1h2 alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms -1h1 alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1-2" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "7.1" }, { "model": "openvms vax", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "openvms", "scope": "eq", "trust": 0.3, "vendor": "compaq", "version": "6.2" }, { "model": "securecrt", "scope": "ne", "trust": 0.3, "vendor": "vandyke", "version": "4.0.5" }, { "model": "project openssl b", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssh", "scope": "ne", "trust": 0.3, "vendor": "openssh", "version": "3.6.1" }, { "model": "hp-ux apache-based web server", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.0.07.01" }, { "model": "crypto++ library", "scope": "ne", "trust": 0.3, "vendor": "crypto", "version": "5.1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#997481" }, { "db": "BID", "id": "7101" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "CNNVD", "id": "CNNVD-200303-116" }, { "db": "NVD", "id": "CVE-2003-0147" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:openbsd:openssh", "vulnerable": true }, { "cpe22Uri": "cpe:/a:openssl:openssl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:database_server", "vulnerable": true }, { "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_4", "vulnerable": true }, { "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_550", "vulnerable": true }, { "cpe22Uri": "cpe:/h:sun:sun_cobalt_raq_xtr", "vulnerable": true }, { "cpe22Uri": "cpe:/o:sun:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:linux", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000098" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "David Brumley and Dan Boneh.", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-116" } ], "trust": 0.6 }, "cve": "CVE-2003-0147", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2003-0147", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2003-0147", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#997481", "trust": 0.8, "value": "9.42" }, { "author": "NVD", "id": "CVE-2003-0147", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200303-116", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#997481" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "CNNVD", "id": "CNNVD-200303-116" }, { "db": "NVD", "id": "CVE-2003-0147" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server\u0027s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal). Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency. OpenSSL so RSA Is used for the encryption algorithm, RSA There is a vulnerability that is subject to timing attacks that can analyze the private key by measuring and analyzing the processing time when generating the private key in the format.The server\u0027s private key may be obtained. A side-channel attack in the OpenSSL implementation has been published in a recent paper that may ultimately result in an active adversary gaining the RSA private key of a target server. The attack involves analysis of the timing of certain operations during client-server session key negotiation", "sources": [ { "db": "NVD", "id": "CVE-2003-0147" }, { "db": "CERT/CC", "id": "VU#997481" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "BID", "id": "7101" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2003-0147", "trust": 2.7 }, { "db": "CERT/CC", "id": "VU#997481", "trust": 1.8 }, { "db": "BID", "id": "7101", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2003-000098", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200303-116", "trust": 0.6 } ], "sources": [ { "db": "CERT/CC", "id": "VU#997481" }, { "db": "BID", "id": "7101" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "CNNVD", "id": "CNNVD-200303-116" }, { "db": "NVD", "id": "CVE-2003-0147" } ] }, "id": "VAR-200303-0010", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.4615448 }, "last_update_date": "2024-11-22T22:58:35.946000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.apache.org/" }, { "title": "HPSBUX00280", "trust": 0.8, "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00954663" }, { "title": "HPSBUX0304-255", "trust": 0.8, "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-255" }, { "title": "HPSBUX0309-280", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0309-280.html" }, { "title": "HPSBUX0304-255", "trust": 0.8, "url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0304-255.html" }, { "title": "secadv_20030317", "trust": 0.8, "url": "http://www.openssl.org/news/secadv_20030317.txt" }, { "title": "RHSA-2003:205", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2003-205.html" }, { "title": "RHSA-2003:102", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2003-102.html" }, { "title": "RHSA-2003:101", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2003-101.html" }, { "title": "56380", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-1" }, { "title": "56380", "trust": 0.8, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56380-3" }, { "title": "4 Apache \u0026amp; SSL Security 2.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng\u0026amp;nav=patchpage" }, { "title": "XTR Apache \u0026amp; SSL Security 1.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng\u0026amp;nav=patchpage" }, { "title": "550 Apache \u0026amp; SSL Security 0.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage" }, { "title": "TLSA-2003-22", "trust": 0.8, "url": "http://www.turbolinux.com/security/2003/TLSA-2003-22.txt" }, { "title": "#62", "trust": 0.8, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "title": "RHSA-2003:205", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-205J.html" }, { "title": "RHSA-2003:102", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-102J.html" }, { "title": "RHSA-2003:101", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-101J.html" }, { "title": "TLSA-2003-22", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-22j.txt" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000098" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0147" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.0, "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded" }, { "trust": 4.0, "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" }, { "trust": 2.8, "url": "http://www.openssl.org/news/secadv_20030317.txt" }, { "trust": 2.0, "url": "ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt" }, { "trust": 2.0, "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i" }, { "trust": 2.0, "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html" }, { "trust": 2.0, "url": "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf" }, { "trust": 2.0, "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000625" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=104766550528628\u0026w=2" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=104792570615648\u0026w=2" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=104819602408063\u0026w=2" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=104829040921835\u0026w=2" }, { "trust": 2.0, "url": "http://marc.info/?l=bugtraq\u0026m=104861762028637\u0026w=2" }, { "trust": 2.0, "url": "http://www.debian.org/security/2003/dsa-288" }, { "trust": 2.0, "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml" }, { "trust": 2.0, "url": "http://www.kb.cert.org/vuls/id/997481" }, { "trust": 2.0, "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=mdksa-2003:035" }, { "trust": 2.0, "url": "http://www.openpkg.com/security/advisories/openpkg-sa-2003.019.html" }, { "trust": 2.0, "url": "http://www.redhat.com/support/errata/rhsa-2003-101.html" }, { "trust": 2.0, "url": "http://www.redhat.com/support/errata/rhsa-2003-102.html" }, { "trust": 2.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a466" }, { "trust": 1.1, "url": "http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html" }, { "trust": 0.8, "url": "http://ietf.org/rfc/rfc2246.txt" }, { "trust": 0.8, "url": "http://wp.netscape.com/eng/ssl3/draft302.txt" }, { "trust": 0.8, "url": "http://www.cryptography.com/resources/whitepapers/timingattacks.pdf" }, { "trust": 0.8, "url": "http://www.bell-labs.com/user/bleichen/papers/chosen.ps" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bull-2.pdf" }, { "trust": 0.8, "url": "ftp://ftp.rsasecurity.com/pub/pdfs/bulletn5.pdf" }, { "trust": 0.8, "url": "http://link.springer.de/link/service/series/0558/papers/1070/10700001.pdf" }, { "trust": 0.8, "url": "http://islab.oregonstate.edu/documents/people/blaze/quantize.shar" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0147" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0147" }, { "trust": 0.8, "url": "http://www.securiteam.com/unixfocus/5fp0c209fe.html" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/7101" }, { "trust": 0.3, "url": "http://www.info.apple.com/usen/security/security_updates.html" }, { "trust": 0.3, "url": "http://www.eskimo.com/~weidai/cryptlib.html" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata31.html#kadmin" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata32.html" }, { "trust": 0.3, "url": "http://www.oracle.com/ip/deploy/ias/index.html" }, { "trust": 0.3, "url": "http://metalink.oracle.com" }, { "trust": 0.3, "url": "http://www.covalent.net/support/rotate.php?page=109" }, { "trust": 0.3, "url": "http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf" }, { "trust": 0.3, "url": "/archive/1/315884" }, { "trust": 0.3, "url": "/archive/1/315904" }, { "trust": 0.3, "url": "/archive/1/315292" }, { "trust": 0.3, "url": "/archive/1/315069" } ], "sources": [ { "db": "CERT/CC", "id": "VU#997481" }, { "db": "BID", "id": "7101" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "NVD", "id": "CVE-2003-0147" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#997481" }, { "db": "BID", "id": "7101" }, { "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "db": "CNNVD", "id": "CNNVD-200303-116" }, { "db": "NVD", "id": "CVE-2003-0147" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-03-25T00:00:00", "db": "CERT/CC", "id": "VU#997481" }, { "date": "2003-03-14T00:00:00", "db": "BID", "id": "7101" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "date": "2003-03-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-116" }, { "date": "2003-03-31T05:00:00", "db": "NVD", "id": "CVE-2003-0147" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-08-25T00:00:00", "db": "CERT/CC", "id": "VU#997481" }, { "date": "2009-07-11T21:06:00", "db": "BID", "id": "7101" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000098" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200303-116" }, { "date": "2024-11-20T23:44:05.270000", "db": "NVD", "id": "CVE-2003-0147" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200303-116" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability", "sources": [ { "db": "BID", "id": "7101" }, { "db": "CNNVD", "id": "CNNVD-200303-116" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Configuration Error", "sources": [ { "db": "BID", "id": "7101" }, { "db": "CNNVD", "id": "CNNVD-200303-116" } ], "trust": 0.9 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.