CVE-2003-0147 Information

Description

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server’s private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

Reference

ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
http://marc.info/?l=bugtraq&m=104766550528628&w=2
http://marc.info/?l=bugtraq&m=104792570615648&w=2
http://marc.info/?l=bugtraq&m=104819602408063&w=2
http://marc.info/?l=bugtraq&m=104829040921835&w=2
http://marc.info/?l=bugtraq&m=104861762028637&w=2
http://www.debian.org/security/2003/dsa-288
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
http://www.kb.cert.org/vuls/id/997481
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
http://www.openssl.org/news/secadv_20030317.txt
http://www.redhat.com/support/errata/RHSA-2003-101.html
http://www.redhat.com/support/errata/RHSA-2003-102.html
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466