ID
VAR-E-200303-0184
CVE
cve_id: | CVE-2003-0147 | Trust: 0.3 |
TITLE
OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability
Trust: 0.3
DESCRIPTION
A recently published paper describes a side-channel attack against the OpenSSL implementation that may ultimately allow an active adversary to obtain the RSA private key of a target server. The attack relies on analysis of the timing of certain operations during client-server session key negotiation. Through this attack, a malicious client may be able to discover the RSA private key of a server using the vulnerable software.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 4.0.4 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 4.0.3 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 4.0.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.8 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.7 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.6 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.5 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.4 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.3 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.4 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.3.4 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.3.3 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.3.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.3.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.3 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.2.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.2.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.1.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.1.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 3.0 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | eq | version: | 2.4 | Trust: 0.3 |
vendor: | sun | model: | cobalt raq xtr | scope: | - | version: | - | Trust: 0.3 |
vendor: | sun | model: | cobalt raq | scope: | eq | version: | 550 | Trust: 0.3 |
vendor: | sun | model: | cobalt raq | scope: | eq | version: | 4 | Trust: 0.3 |
vendor: | sun | model: | cobalt qube | scope: | eq | version: | 3 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 4.04 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 4.03 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 4.02 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 4.01 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 4.00 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.22 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.21 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.19 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.18 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.17 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.16 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.15 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.14 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.13 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.12 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.11 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.9 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.8 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.7 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.20 | Trust: 0.3 |
vendor: | stunnel | model: | stunnel | scope: | eq | version: | 3.10 | Trust: 0.3 |
vendor: | ssh | model: | communications security ipsec express toolkit | scope: | - | version: | - | Trust: 0.3 |
vendor: | ssh | model: | communications security certificate/tls toolkit | scope: | - | version: | - | Trust: 0.3 |
vendor: | sgi | model: | irix | scope: | eq | version: | 6.5.19 | Trust: 0.3 |
vendor: | redhat | model: | mgetty-sendfax-1.1.14-8.i386.rpm | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 9.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i standard edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 9.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i personal edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 9.2.0 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i enterprise edition | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 9.0.3 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 9.0.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server | scope: | eq | version: | 1.0.2.2 | Trust: 0.3 |
vendor: | oracle | model: | oracle9i application server .1s | scope: | eq | version: | 1.0.2 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 9.2.0 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 9.0.1 | Trust: 0.3 |
vendor: | oracle | model: | http server | scope: | eq | version: | 8.1.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl a | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl | scope: | eq | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl i | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl h | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl g | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl e | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl d | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl c | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl b | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl a | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssl | model: | project openssl | scope: | eq | version: | 0.9.6 | Trust: 0.3 |
vendor: | openpkg | model: | openpkg | scope: | eq | version: | 1.2 | Trust: 0.3 |
vendor: | openpkg | model: | openpkg | scope: | eq | version: | 1.1 | Trust: 0.3 |
vendor: | openpkg | model: | current | scope: | - | version: | - | Trust: 0.3 |
vendor: | mod ssl | model: | mod ssl | scope: | eq | version: | 2.8.14 | Trust: 0.3 |
vendor: | intoto | model: | igateway | scope: | eq | version: | 3.2 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.22 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.11 | Trust: 0.3 |
vendor: | hp | model: | hp-ux | scope: | eq | version: | 11.0 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.5 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.4 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.3 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.2 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.1 | Trust: 0.3 |
vendor: | gnu | model: | transport layer security library | scope: | eq | version: | 0.8.0 | Trust: 0.3 |
vendor: | gnu | model: | libgcrypt | scope: | eq | version: | 1.1.12 | Trust: 0.3 |
vendor: | gnu | model: | libgcrypt | scope: | eq | version: | 1.1.11 | Trust: 0.3 |
vendor: | gnu | model: | libgcrypt | scope: | eq | version: | 1.1.10 | Trust: 0.3 |
vendor: | gnu | model: | libgcrypt | scope: | eq | version: | 1.1.9 | Trust: 0.3 |
vendor: | gnu | model: | libgcrypt | scope: | eq | version: | 1.1.8 | Trust: 0.3 |
vendor: | foundry | model: | networks ironview | scope: | - | version: | - | Trust: 0.3 |
vendor: | f5 | model: | big-ip blade controller ptf-01 | scope: | eq | version: | 4.2.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.5 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.4 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.3 | Trust: 0.3 |
vendor: | f5 | model: | big-ip | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | f5 | model: | 3-dns | scope: | eq | version: | 4.5 | Trust: 0.3 |
vendor: | crypto | model: | crypto++ library | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | crypto | model: | crypto++ library | scope: | eq | version: | 4.2 | Trust: 0.3 |
vendor: | covalent | model: | fast start server | scope: | eq | version: | 3.3 | Trust: 0.3 |
vendor: | covalent | model: | fast start server | scope: | eq | version: | 3.2 | Trust: 0.3 |
vendor: | covalent | model: | fast start server | scope: | eq | version: | 3.1 | Trust: 0.3 |
vendor: | covalent | model: | enterprise ready server | scope: | eq | version: | 2.3 | Trust: 0.3 |
vendor: | covalent | model: | enterprise ready server | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | covalent | model: | enterprise ready server | scope: | eq | version: | 2.1 | Trust: 0.3 |
vendor: | computer | model: | associates etrust security command center | scope: | eq | version: | 1.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 b | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 a | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 | scope: | eq | version: | 5.1 | Trust: 0.3 |
vendor: | compaq | model: | tru64 a | scope: | eq | version: | 5.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 g | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | compaq | model: | tru64 f | scope: | eq | version: | 4.0 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.3 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2-2 | Trust: 0.3 |
vendor: | compaq | model: | openvms -1h2 alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms -1h1 alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.1-2 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 7.1 | Trust: 0.3 |
vendor: | compaq | model: | openvms vax | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms alpha | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | compaq | model: | openvms | scope: | eq | version: | 6.2 | Trust: 0.3 |
vendor: | vandyke | model: | securecrt | scope: | ne | version: | 4.0.5 | Trust: 0.3 |
vendor: | openssl | model: | project openssl b | scope: | ne | version: | 0.9.7 | Trust: 0.3 |
vendor: | openssl | model: | project openssl j | scope: | ne | version: | 0.9.6 | Trust: 0.3 |
vendor: | openssh | model: | openssh | scope: | ne | version: | 3.6.1 | Trust: 0.3 |
vendor: | hp | model: | hp-ux apache-based web server | scope: | ne | version: | 1.0.07.01 | Trust: 0.3 |
vendor: | crypto | model: | crypto++ library | scope: | ne | version: | 5.1 | Trust: 0.3 |
EXPLOIT
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Configuration Error
Trust: 0.3
CREDITS
Discovery credited to David Brumley and Dan Boneh.
Trust: 0.3
EXTERNAL IDS
db: | NVD | id: | CVE-2003-0147 | Trust: 0.3 |
db: | BID | id: | 7101 | Trust: 0.3 |
REFERENCES
url: | http://www.eskimo.com/~weidai/cryptlib.html | Trust: 0.3 |
url: | http://www.openbsd.org/errata31.html#kadmin | Trust: 0.3 |
url: | http://www.oracle.com/ip/deploy/ias/index.html | Trust: 0.3 |
url: | http://www.covalent.net/support/rotate.php?page=109 | Trust: 0.3 |
url: | http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf | Trust: 0.3 |
url: | http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html | Trust: 0.3 |
url: | http://www.info.apple.com/usen/security/security_updates.html | Trust: 0.3 |
url: | http://metalink.oracle.com | Trust: 0.3 |
url: | http://www.openbsd.org/errata32.html | Trust: 0.3 |
SOURCES
db: | BID | id: | 7101 |
LAST UPDATE DATE
2022-07-27T10:02:24.513000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 7101 | date: | 2009-07-11T21:06:00 |
SOURCES RELEASE DATE
db: | BID | id: | 7101 | date: | 2003-03-14T00:00:00 |