CVE-2003-0131 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2003-0131
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2003-0131

Description: The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/11586 TRUSTIX http://marc.theaimsgroup.com/?l=bugtraq&m=104878215721135&w=2 SUSE http://www.suse.de/de/security/2003_024_openssl.html http://www.novell.com/linux/security/advisories/2003_024_openssl.html SGI REDHAT http://www.redhat.com/support/errata/RHSA-2003-102.html http://www.redhat.com/support/errata/RHSA-2003-101.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:461 OPENPKG http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html NETBSD MISC http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html http://eprint.iacr.org/2003/052/ MANDRAKE http://www.mandriva.com/security/advisories?name=MDKSA-2003:035 IMMUNIX http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml FREEBSD ENGARDE DEBIAN http://www.debian.org/security/2003/dsa-288 CONFIRM http://lists.apple.com/mhonarc/security-announce/msg00028.html http://www.openssl.org/news/secadv_20030319.txt CONECTIVA http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 CERT-VN 888801 CALDERA BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=104852637112330&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2 http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded BID 7148

Return to the previous page.