ByteOS Network

CVE Vulnerability Details :

CVE-2003-0147

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-18 Mar, 2003 | 05:00

Updated At-08 Aug, 2024 | 01:43

▼CVE Numbering Authority (CNA)

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.debian.org/security/2003/dsa-288	vendor-advisory x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2003-101.html	vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2003-102.html	vendor-advisory x_refsource_REDHAT
http://www.openssl.org/news/secadv_20030317.txt	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=104829040921835&w=2	vendor-advisory x_refsource_GENTOO
http://www.securityfocus.com/archive/1/316165/30/25370/threaded	mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/316165/30/25370/threaded	vendor-advisory x_refsource_APPLE
http://marc.info/?l=bugtraq&m=104792570615648&w=2	mailing-list x_refsource_BUGTRAQ
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt	vendor-advisory x_refsource_CALDERA
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035	vendor-advisory x_refsource_MANDRAKE
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf	x_refsource_MISC
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml	vendor-advisory x_refsource_GENTOO
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466	vdb-entry signature x_refsource_OVAL
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html	vendor-advisory x_refsource_OPENPKG
http://marc.info/?l=bugtraq&m=104861762028637&w=2	vendor-advisory x_refsource_GENTOO
http://www.securityfocus.com/archive/1/316577/30/25310/threaded	vendor-advisory x_refsource_IMMUNIX
http://www.securityfocus.com/archive/1/316577/30/25310/threaded	mailing-list x_refsource_BUGTRAQ
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I	vendor-advisory x_refsource_SGI
http://marc.info/?l=bugtraq&m=104766550528628&w=2	mailing-list x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=104819602408063&w=2	mailing-list x_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625	vendor-advisory x_refsource_CONECTIVA
http://www.kb.cert.org/vuls/id/997481	third-party-advisory x_refsource_CERT-VN
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html	mailing-list x_refsource_VULNWATCH

Hyperlink: http://www.debian.org/security/2003/dsa-288

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-101.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-102.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.openssl.org/news/secadv_20030317.txt

Resource:

x_refsource_CONFIRM

Hyperlink: http://marc.info/?l=bugtraq&m=104829040921835&w=2

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://marc.info/?l=bugtraq&m=104792570615648&w=2

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt

Resource:

vendor-advisory

x_refsource_CALDERA

Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035

Resource:

vendor-advisory

x_refsource_MANDRAKE

Hyperlink: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

Resource:

x_refsource_MISC

Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html

Resource:

vendor-advisory

x_refsource_OPENPKG

Hyperlink: http://marc.info/?l=bugtraq&m=104861762028637&w=2

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded

Resource:

vendor-advisory

x_refsource_IMMUNIX

Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I

Resource:

vendor-advisory

x_refsource_SGI

Hyperlink: http://marc.info/?l=bugtraq&m=104766550528628&w=2

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://marc.info/?l=bugtraq&m=104819602408063&w=2

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625

Resource:

vendor-advisory

x_refsource_CONECTIVA

Hyperlink: http://www.kb.cert.org/vuls/id/997481

Resource:

third-party-advisory

x_refsource_CERT-VN

Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html

Resource:

mailing-list

x_refsource_VULNWATCH

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.debian.org/security/2003/dsa-288	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.redhat.com/support/errata/RHSA-2003-101.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.redhat.com/support/errata/RHSA-2003-102.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.openssl.org/news/secadv_20030317.txt	x_refsource_CONFIRM x_transferred
http://marc.info/?l=bugtraq&m=104829040921835&w=2	vendor-advisory x_refsource_GENTOO x_transferred
http://www.securityfocus.com/archive/1/316165/30/25370/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.securityfocus.com/archive/1/316165/30/25370/threaded	vendor-advisory x_refsource_APPLE x_transferred
http://marc.info/?l=bugtraq&m=104792570615648&w=2	mailing-list x_refsource_BUGTRAQ x_transferred
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt	vendor-advisory x_refsource_CALDERA x_transferred
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035	vendor-advisory x_refsource_MANDRAKE x_transferred
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf	x_refsource_MISC x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml	vendor-advisory x_refsource_GENTOO x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466	vdb-entry signature x_refsource_OVAL x_transferred
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html	vendor-advisory x_refsource_OPENPKG x_transferred
http://marc.info/?l=bugtraq&m=104861762028637&w=2	vendor-advisory x_refsource_GENTOO x_transferred
http://www.securityfocus.com/archive/1/316577/30/25310/threaded	vendor-advisory x_refsource_IMMUNIX x_transferred
http://www.securityfocus.com/archive/1/316577/30/25310/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I	vendor-advisory x_refsource_SGI x_transferred
http://marc.info/?l=bugtraq&m=104766550528628&w=2	mailing-list x_refsource_BUGTRAQ x_transferred
http://marc.info/?l=bugtraq&m=104819602408063&w=2	mailing-list x_refsource_BUGTRAQ x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625	vendor-advisory x_refsource_CONECTIVA x_transferred
http://www.kb.cert.org/vuls/id/997481	third-party-advisory x_refsource_CERT-VN x_transferred
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html	mailing-list x_refsource_VULNWATCH x_transferred