CVE Vulnerabilities

CVE-2003-0147

Published: Mar 31, 2003 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the servers private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (Karatsuba and normal).

Affected Software

Name Vendor Start Version End Version
Openpkg Openpkg * *
Openpkg Openpkg 1.1 1.1
Openpkg Openpkg 1.2 1.2
Openssl Openssl 0.9.6 0.9.6
Openssl Openssl 0.9.6a 0.9.6a
Openssl Openssl 0.9.6b 0.9.6b
Openssl Openssl 0.9.6c 0.9.6c
Openssl Openssl 0.9.6d 0.9.6d
Openssl Openssl 0.9.6e 0.9.6e
Openssl Openssl 0.9.6g 0.9.6g
Openssl Openssl 0.9.6h 0.9.6h
Openssl Openssl 0.9.6i 0.9.6i
Openssl Openssl 0.9.7 0.9.7
Openssl Openssl 0.9.7a 0.9.7a
Stunnel Stunnel 3.7 3.7
Stunnel Stunnel 3.8 3.8
Stunnel Stunnel 3.9 3.9
Stunnel Stunnel 3.10 3.10
Stunnel Stunnel 3.11 3.11
Stunnel Stunnel 3.12 3.12
Stunnel Stunnel 3.13 3.13
Stunnel Stunnel 3.14 3.14
Stunnel Stunnel 3.15 3.15
Stunnel Stunnel 3.16 3.16
Stunnel Stunnel 3.17 3.17
Stunnel Stunnel 3.18 3.18
Stunnel Stunnel 3.19 3.19
Stunnel Stunnel 3.20 3.20
Stunnel Stunnel 3.21 3.21
Stunnel Stunnel 3.22 3.22
Stunnel Stunnel 4.0 4.0
Stunnel Stunnel 4.01 4.01
Stunnel Stunnel 4.02 4.02
Stunnel Stunnel 4.03 4.03
Stunnel Stunnel 4.04 4.04
Openssl Ubuntu dapper *
Openssl Ubuntu devel *
Openssl Ubuntu edgy *
Openssl Ubuntu feisty *
Openssl097 Ubuntu dapper *
Openssl097 Ubuntu devel *
Openssl097 Ubuntu edgy *
Openssl097 Ubuntu feisty *

References