CVE-2003-0078

OpenSSL < 0.9.7a and 0.9.6 < 0.9.6i - Timing Side-Channel Attack via Incorrect Block Cipher Padding

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0078. PoCs published by Martin Vuagnoux.

AI-analyzed exploit summary This is a writeup describing a side-channel attack against SSL implementations, specifically targeting OpenSSL versions prior to 0.9.6i and 0.9.7a. The attack involves timing analysis to leak sensitive information, potentially leading to plaintext recovery of ciphertext.

Description

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Exploits (1)

exploitdb WRITEUP VERIFIED
by Martin Vuagnoux · textremotelinux
https://www.exploit-db.com/exploits/22264

This is a writeup describing a side-channel attack against SSL implementations, specifically targeting OpenSSL versions prior to 0.9.6i and 0.9.7a. The attack involves timing analysis to leak sensitive information, potentially leading to plaintext recovery of ciphertext.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Complex
Reliability
Theoretical
Target: OpenSSL < 0.9.6i, OpenSSL < 0.9.7a
No auth needed
Prerequisites: Man-in-the-middle position · Ability to analyze timing of SSL operations
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Broken Link vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2003/0005
Broken Link vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/3945
Broken Link, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11369.php
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20030219.txt
Broken Link, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-253
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-205.html
Broken Link vendor-advisory x_refsource_engarde
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Broken Link third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-051.shtml
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104567627211904&w=2
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-104.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6884
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104568426824439&w=2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://marc.info/?l=bugtraq&m=104577183206905&w=2
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-082.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-063.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-062.html

Scores

EPSS 0.1372
EPSS Percentile 96.0%

Details

CWE
CWE-203
Status published
Products (12)
freebsd/freebsd 4.2
freebsd/freebsd 4.3
freebsd/freebsd 4.4
freebsd/freebsd 4.5
freebsd/freebsd 4.6
freebsd/freebsd 4.7
freebsd/freebsd 5.0
openbsd/openbsd 3.1
openbsd/openbsd 3.2
openssl/openssl 0.9.6i
... and 2 more
Published Mar 03, 2003
Tracked Since Feb 18, 2026