CVE-2003-0147 - OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the

CVE-2003-0147

Summary

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

References

Vulnerable Configurations

cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*
cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2007-04-25T19:52:32.667-04:00

class

vulnerability

contributors

name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Jay Beale
organization Bastille Linux
name Thomas R. Jones
organization Maitreya Security

description

family

unix

oval:org.mitre.oval:def:466

status

accepted

submitted

2003-08-11T12:00:00.000-04:00

title

OpenSSL No RSA Blinding Vulnerability

version

redhat via4

advisories

rhsa
id RHSA-2003:101
rhsa
id RHSA-2003:102
rhsa
id RHSA-2003:205

refmap via4

apple	APPLE-SA-2003-03-24
bugtraq	20030313 Vulnerability in OpenSSL 20030317 [ADVISORY] Timing Attack on OpenSSL 20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl) 20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL 20030327 Immunix Secured OS 7+ openssl update
caldera	CSSA-2003-014.0
cert-vn	VU#997481
conectiva	CLA-2003:625
confirm	http://www.openssl.org/news/secadv_20030317.txt
debian	DSA-288
engarde	ESA-20030320-010
freebsd	FreeBSD-SA-03:06
gentoo	GLSA-200303-15 GLSA-200303-23 GLSA-200303-24
immunix	IMNX-2003-7+-001-01
mandrake	MDKSA-2003:035
misc	http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
openpkg	OpenPKG-SA-2003.019
sgi	20030501-01-I
vulnwatch	20030313 OpenSSL Private Key Disclosure

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

19-10-2018 - 15:29

Published

31-03-2003 - 05:00

Last modified

19-10-2018 - 15:29