CVE-2003-0147

OpenSSL - Info Disclosure

Description

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).

References (21)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-288
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-101.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-102.html
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20030317.txt
Mailing List vendor-advisory x_refsource_gentoo
http://marc.info/?l=bugtraq&m=104829040921835&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/316165/30/25370/threaded
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104792570615648&w=2
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
Various Sources vendor-advisory x_refsource_mandrake
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466
Vendor Advisory vendor-advisory x_refsource_openpkg
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
Mailing List vendor-advisory x_refsource_gentoo
http://marc.info/?l=bugtraq&m=104861762028637&w=2
Third Party Advisory, VDB Entry vendor-advisory x_refsource_immunix
http://www.securityfocus.com/archive/1/316577/30/25310/threaded
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104766550528628&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104819602408063&w=2
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/997481
Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html

Scores

EPSS 0.2874
EPSS Percentile 96.6%

Details

Status published
Products (35)
openpkg/openpkg
openpkg/openpkg 1.1
openpkg/openpkg 1.2
openssl/openssl 0.9.6
openssl/openssl 0.9.6a
openssl/openssl 0.9.6b
openssl/openssl 0.9.6c
openssl/openssl 0.9.6d
openssl/openssl 0.9.6e
openssl/openssl 0.9.6g
... and 25 more
Published Mar 31, 2003
Tracked Since Feb 18, 2026