CVE-2003-0147

MEDIUM

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Score CVSS v2.0

5.0

/ 10.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Informations

Publié: 31 mars 2003
Mis à jour: 16 avr. 2026
Statut: Modified
Source: cve@mitre.org

Produits affectés

openpkg openpkg

Versions : 1.1, 1.2

openssl opensslToutes les CVE OpenSSL →

Versions : 0.9.6, 0.9.6a, 0.9.6b, 0.9.6c, 0.9.6d

stunnel stunnel

Versions : 3.7, 3.8, 3.9, 3.10, 3.11

Faiblesses (CWE)

NVD-CWE-Other

Références (46)

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Vendor Advisory
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.kb.cert.org/vuls/id/997481
Third Party AdvisoryUS Government Resource
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
+ 31 autres références sur NVD

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance