ID
VAR-E-200303-0183
CVE
cve_id: | CVE-2003-0131 | Trust: 0.3 |
TITLE
OpenSSL Bad Version Oracle Side Channel Attack Vulnerability
Trust: 0.3
DESCRIPTION
A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | sun | model: | cobalt raq xtr | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | cobalt raq | scope: | eq | version: | 550 | Trust: 0.3 |
vendor: | sun | model: | cobalt raq | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | sun | model: | cobalt qube | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | sgi | model: | irix | scope: | eq | version: | 6.5.19 | Trust: 0.3 |
vendor: | sco | model: | open server | scope: | eq | version: | 5.0.7 | Trust: 0.3 |
vendor: | sco | model: | open server | scope: | eq | version: | 5.0.6 | Trust: 0.3 |
vendor: | sco | model: | open server | scope: | eq | version: | 5.0.5 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 9.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 9.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 9.2.0 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 9.0.3 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 9.0.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 1.0.2.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server .1s | scope: | eq | version: | 1.0.2 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 9.2.0 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl a | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl i | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl h | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl g | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl e | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl d | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl c | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl b | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl a | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.4 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.3 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.2 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.1 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.0 | Trust: 0.3 |
vendor: | f5 | model: | big-ip blade controller ptf-01 | scope: | eq | version: | 4.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | f5 | model: | 3-dns | scope: | eq | version: | 4.5 | Trust: 0.3 |
vendor: | f5 | model: | 3-dns | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | f5 | model: | 3-dns | scope: | eq | version: | 4.3 | Trust: 0.3 |
vendor: | f5 | model: | 3-dns | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | computer | model: | associates etrust security command center | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 b | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 a | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 a | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 g | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 f | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2-2 | Trust: 0.3 |
vendor: | compaq | model: | openvms -1h2 alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms -1h1 alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.1-2 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.2.4 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.2.3 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.2.2 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.2.1 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | eq | version: | x10.2 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.4 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.3 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.2 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.2.1 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | eq | version: | x10.2 | Trust: 0.3 |
vendor: | openssl | model: | project openssl b | scope: | ne | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl j | scope: | ne | version: | 0.9.6 | Trust: 0.3 |
vendor: | hp | model: | hp-ux apache-based web server | scope: | ne | version: | 1.0.07.01 | Trust: 0.3 |
vendor: | hp | model: | hp-ux apache-based web server | scope: | ne | version: | 1.0.03.01 | Trust: 0.3 |
vendor: | hp | model: | apache-based web server | scope: | ne | version: | 1.3.27.02 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | ne | version: | 0.8.5 | Trust: 0.3 |
vendor: | apple | model: | mac os server | scope: | ne | version: | x10.2.5 | Trust: 0.3 |
vendor: | apple | model: | mac os | scope: | ne | version: | x10.2.5 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2003-0131 | Trust: 0.3 |
db: | BID | id: | 7148 | Trust: 0.3 |
REFERENCES
url: | http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf | Trust: 0.3 |
url: | http://www.info.apple.com/usen/security/security_updates.html | Trust: 0.3 |
url: | http://metalink.oracle.com | Trust: 0.3 |
url: | http://eprint.iacr.org/2003/052/ | Trust: 0.3 |
SOURCES
db: | BID | id: | 7148 |
LAST UPDATE DATE
2022-07-27T09:26:33.297000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 7148 | date: | 2009-07-11T21:06:00 |
SOURCES RELEASE DATE
db: | BID | id: | 7148 | date: | 2003-03-19T00:00:00 |