|
|
CVE Reference: CVE-2003-0078 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2003-0078 |
|
|
Description: ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack." |
|
|
CVE Status: Entry |
|
|
References: XF TRUSTIX SUSE SGI REDHAT OSVDB 3945 NETBSD MANDRAKE GENTOO FREEBSD ENGARDE DEBIAN CONFIRM http://www.openssl.org/news/secadv_20030219.txt CONECTIVA CIAC BUGTRAQ BID 6884 |
|
| Return to the previous page. |
