NVD Vulnerability Detail

CVE-2003-0147

Summary	OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
Publication Date	March 31, 2003, 2 p.m.
Registration Date	Jan. 29, 2021, 6:02 p.m.
Last Update	Oct. 20, 2018, 12:29 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openpkg:openpkg::::::::
cpe:2.3:a:openpkg:openpkg:1.1:::::::*
cpe:2.3:a:openpkg:openpkg:1.2:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:stunnel:stunnel:3.7:::::::*
cpe:2.3:a:stunnel:stunnel:3.8:::::::*
cpe:2.3:a:stunnel:stunnel:3.9:::::::*
cpe:2.3:a:stunnel:stunnel:3.10:::::::*
cpe:2.3:a:stunnel:stunnel:3.11:::::::*
cpe:2.3:a:stunnel:stunnel:3.12:::::::*
cpe:2.3:a:stunnel:stunnel:3.13:::::::*
cpe:2.3:a:stunnel:stunnel:3.14:::::::*
cpe:2.3:a:stunnel:stunnel:3.15:::::::*
cpe:2.3:a:stunnel:stunnel:3.16:::::::*
cpe:2.3:a:stunnel:stunnel:3.17:::::::*
cpe:2.3:a:stunnel:stunnel:3.18:::::::*
cpe:2.3:a:stunnel:stunnel:3.19:::::::*
cpe:2.3:a:stunnel:stunnel:3.20:::::::*
cpe:2.3:a:stunnel:stunnel:3.21:::::::*
cpe:2.3:a:stunnel:stunnel:3.22:::::::*
cpe:2.3:a:stunnel:stunnel:4.0:::::::*
cpe:2.3:a:stunnel:stunnel:4.01:::::::*
cpe:2.3:a:stunnel:stunnel:4.02:::::::*
cpe:2.3:a:stunnel:stunnel:4.03:::::::*
cpe:2.3:a:stunnel:stunnel:4.04:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt	CALDERA
2	ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I	SGI
3	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html	VULNWATCH	Vendor Advisory
4	http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf	MISC
5	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625	CONECTIVA
6	http://marc.info/?l=bugtraq&m=104766550528628&w=2	BUGTRAQ
7	http://marc.info/?l=bugtraq&m=104792570615648&w=2	BUGTRAQ
8	http://marc.info/?l=bugtraq&m=104819602408063&w=2	BUGTRAQ
9	http://marc.info/?l=bugtraq&m=104829040921835&w=2	GENTOO
10	http://marc.info/?l=bugtraq&m=104861762028637&w=2	GENTOO
11	http://www.debian.org/security/2003/dsa-288	DEBIAN
12	http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml	GENTOO
13	http://www.kb.cert.org/vuls/id/997481	CERT-VN	Third Party Advisory US Government Resource
14	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035	MANDRAKE
15	http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html	OPENPKG
16	http://www.openssl.org/news/secadv_20030317.txt	CONFIRM
17	http://www.redhat.com/support/errata/RHSA-2003-101.html	REDHAT
18	http://www.redhat.com/support/errata/RHSA-2003-102.html	REDHAT
19	http://www.securityfocus.com/archive/1/316165/30/25370/threaded	BUGTRAQ
20	http://www.securityfocus.com/archive/1/316577/30/25310/threaded	IMMUNIX
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openpkg:openpkg::::::::
cpe:2.3:a:openpkg:openpkg:1.1:::::::*
cpe:2.3:a:openpkg:openpkg:1.2:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:stunnel:stunnel:3.7:::::::*
cpe:2.3:a:stunnel:stunnel:3.8:::::::*
cpe:2.3:a:stunnel:stunnel:3.9:::::::*
cpe:2.3:a:stunnel:stunnel:3.10:::::::*
cpe:2.3:a:stunnel:stunnel:3.11:::::::*
cpe:2.3:a:stunnel:stunnel:3.12:::::::*
cpe:2.3:a:stunnel:stunnel:3.13:::::::*
cpe:2.3:a:stunnel:stunnel:3.14:::::::*
cpe:2.3:a:stunnel:stunnel:3.15:::::::*
cpe:2.3:a:stunnel:stunnel:3.16:::::::*
cpe:2.3:a:stunnel:stunnel:3.17:::::::*
cpe:2.3:a:stunnel:stunnel:3.18:::::::*
cpe:2.3:a:stunnel:stunnel:3.19:::::::*
cpe:2.3:a:stunnel:stunnel:3.20:::::::*
cpe:2.3:a:stunnel:stunnel:3.21:::::::*
cpe:2.3:a:stunnel:stunnel:3.22:::::::*
cpe:2.3:a:stunnel:stunnel:4.0:::::::*
cpe:2.3:a:stunnel:stunnel:4.01:::::::*
cpe:2.3:a:stunnel:stunnel:4.02:::::::*
cpe:2.3:a:stunnel:stunnel:4.03:::::::*
cpe:2.3:a:stunnel:stunnel:4.04:::::::*