Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2003-0147
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-31 Mar, 2003 | 05:00
Updated At-03 Apr, 2025 | 01:03

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
openpkg
openpkg
>>openpkg>>*
cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
openpkg
openpkg
>>openpkg>>1.1
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
openpkg
openpkg
>>openpkg>>1.2
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6a
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6b
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6c
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6d
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6e
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6g
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6h
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.6i
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>0.9.7a
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.7
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.8
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.9
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.10
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.11
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.12
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.13
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.14
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.15
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.16
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.17
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.18
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.19
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.20
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.21
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>3.22
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>4.0
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>4.01
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>4.02
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>4.03
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
stunnel
stunnel
>>stunnel>>4.04
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txtcve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Icve@mitre.org
N/A
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.htmlcve@mitre.org
Vendor Advisory
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdfcve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=104766550528628&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=104792570615648&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=104819602408063&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=104829040921835&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=104861762028637&w=2cve@mitre.org
N/A
http://www.debian.org/security/2003/dsa-288cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xmlcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/997481cve@mitre.org
Third Party Advisory
US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035cve@mitre.org
N/A
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.htmlcve@mitre.org
N/A
http://www.openssl.org/news/secadv_20030317.txtcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2003-101.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2003-102.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/316165/30/25370/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/316165/30/25370/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/316577/30/25310/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/316577/30/25310/threadedcve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466cve@mitre.org
N/A
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-Iaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=104766550528628&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=104792570615648&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=104819602408063&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=104829040921835&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=104861762028637&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2003/dsa-288af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/997481af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openssl.org/news/secadv_20030317.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2003-101.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2003-102.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/316165/30/25370/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/316165/30/25370/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/316577/30/25310/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/316577/30/25310/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104766550528628&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104792570615648&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104819602408063&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104829040921835&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104861762028637&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2003/dsa-288
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/997481
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20030317.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-101.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-102.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104766550528628&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104792570615648&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104819602408063&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104829040921835&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=104861762028637&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2003/dsa-288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/997481
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openssl.org/news/secadv_20030317.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-101.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2003-102.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found