Details of VAR-E-200303-0183

ID

VAR-E-200303-0183

CVE

cve_id:

CVE-2003-0131

Trust: 0.3

sources: BID: 7148

TITLE

OpenSSL Bad Version Oracle Side Channel Attack Vulnerability

Trust: 0.3

sources: BID: 7148

DESCRIPTION

A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server.

Trust: 0.3

sources: BID: 7148

AFFECTED PRODUCTS

vendor:	sun	model:	cobalt raq xtr	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	cobalt raq	scope:	eq	version:	550	Trust: 0.3
vendor:	sun	model:	cobalt raq	scope:	eq	version:	4	Trust: 0.3
vendor:	sun	model:	cobalt qube	scope:	eq	version:	3	Trust: 0.3
vendor:	sgi	model:	irix	scope:	eq	version:	6.5.19	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.7	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.6	Trust: 0.3
vendor:	sco	model:	open server	scope:	eq	version:	5.0.5	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i standard edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.2	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i personal edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.2.0	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	oracle9i enterprise edition	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.3	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	9.0.2	Trust: 0.3
vendor:	oracle	model:	oracle9i application server	scope:	eq	version:	1.0.2.2	Trust: 0.3
vendor:	oracle	model:	oracle9i application server .1s	scope:	eq	version:	1.0.2	Trust: 0.3
vendor:	oracle	model:	http server	scope:	eq	version:	9.2.0	Trust: 0.3
vendor:	oracle	model:	http server	scope:	eq	version:	9.0.1	Trust: 0.3
vendor:	oracle	model:	http server	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl i	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl h	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl g	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl e	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl d	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl c	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl a	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	openssl	model:	project openssl	scope:	eq	version:	0.9.6	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	eq	version:	0.8.4	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	eq	version:	0.8.3	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	eq	version:	0.8.2	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	eq	version:	0.8.1	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	eq	version:	0.8.0	Trust: 0.3
vendor:	f5	model:	big-ip blade controller ptf-01	scope:	eq	version:	4.2.3	Trust: 0.3
vendor:	f5	model:	big-ip	scope:	eq	version:	4.5	Trust: 0.3
vendor:	f5	model:	big-ip	scope:	eq	version:	4.4	Trust: 0.3
vendor:	f5	model:	big-ip	scope:	eq	version:	4.3	Trust: 0.3
vendor:	f5	model:	big-ip	scope:	eq	version:	4.2	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.5	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.4	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.3	Trust: 0.3
vendor:	f5	model:	3-dns	scope:	eq	version:	4.2	Trust: 0.3
vendor:	computer	model:	associates etrust security command center	scope:	eq	version:	1.0	Trust: 0.3
vendor:	compaq	model:	tru64 b	scope:	eq	version:	5.1	Trust: 0.3
vendor:	compaq	model:	tru64 a	scope:	eq	version:	5.1	Trust: 0.3
vendor:	compaq	model:	tru64	scope:	eq	version:	5.1	Trust: 0.3
vendor:	compaq	model:	tru64 a	scope:	eq	version:	5.0	Trust: 0.3
vendor:	compaq	model:	tru64 g	scope:	eq	version:	4.0	Trust: 0.3
vendor:	compaq	model:	tru64 f	scope:	eq	version:	4.0	Trust: 0.3
vendor:	compaq	model:	openvms vax	scope:	eq	version:	7.3	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.3	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.2-2	Trust: 0.3
vendor:	compaq	model:	openvms -1h2 alpha	scope:	eq	version:	7.2	Trust: 0.3
vendor:	compaq	model:	openvms -1h1 alpha	scope:	eq	version:	7.2	Trust: 0.3
vendor:	compaq	model:	openvms vax	scope:	eq	version:	7.2	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.2	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.1-2	Trust: 0.3
vendor:	compaq	model:	openvms vax	scope:	eq	version:	7.1	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	7.1	Trust: 0.3
vendor:	compaq	model:	openvms vax	scope:	eq	version:	6.2	Trust: 0.3
vendor:	compaq	model:	openvms alpha	scope:	eq	version:	6.2	Trust: 0.3
vendor:	compaq	model:	openvms	scope:	eq	version:	6.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	openssl	model:	project openssl b	scope:	ne	version:	0.9.7	Trust: 0.3
vendor:	openssl	model:	project openssl j	scope:	ne	version:	0.9.6	Trust: 0.3
vendor:	hp	model:	hp-ux apache-based web server	scope:	ne	version:	1.0.07.01	Trust: 0.3
vendor:	hp	model:	hp-ux apache-based web server	scope:	ne	version:	1.0.03.01	Trust: 0.3
vendor:	hp	model:	apache-based web server	scope:	ne	version:	1.3.27.02	Trust: 0.3
vendor:	gnu	model:	transport layer security library	scope:	ne	version:	0.8.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	ne	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	ne	version:	x10.2.5	Trust: 0.3

sources: BID: 7148

EXPLOIT

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

Trust: 0.3

sources: BID: 7148

PRICE

Free

Trust: 0.3

sources: BID: 7148

TYPE

Design Error

Trust: 0.3

sources: BID: 7148

CREDITS

Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.

Trust: 0.3

sources: BID: 7148

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0131	Trust: 0.3
db:	BID	id:	7148	Trust: 0.3

sources: BID: 7148

REFERENCES

url:	http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf	Trust: 0.3
url:	http://www.info.apple.com/usen/security/security_updates.html	Trust: 0.3
url:	http://metalink.oracle.com	Trust: 0.3
url:	http://eprint.iacr.org/2003/052/	Trust: 0.3

sources: BID: 7148

SOURCES

db:

BID

id:

7148

LAST UPDATE DATE

2022-07-27T09:26:33.297000+00:00

SOURCES UPDATE DATE

db:

BID

id:

7148

date:

2009-07-11T21:06:00

SOURCES RELEASE DATE

db:

BID

id:

7148

date:

2003-03-19T00:00:00