CVE-2003-0078
Published 2003-03-03
CVE-2003-0078: ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used…
Priority: P4 · medium · CVSS 2.0: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploit: available
EPSS: 13.72% (96.0th percentile)
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
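Added example, not OpenSSL's code: a toy record check in C that contrasts the pre-fix shape described above, where a padding error returns before any MAC work is done, with a hardened shape that computes the MAC regardless of the padding outcome and reports one combined result. The MAC function, the record layout and the function names are assumptions made so the block runs stand-alone; a real record MAC would be HMAC.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MAC_LEN 4

/* Toy stand-in for the record MAC (not a real MAC; an assumption so this runs stand-alone). */
static void toy_mac(const uint8_t *d, size_t len, uint8_t out[MAC_LEN]) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) { h ^= d[i]; h *= 16777619u; }
    for (int i = 0; i < MAC_LEN; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Pre-fix shape from the advisory: a padding error returns before any MAC work, so padding
   and MAC failures take observably different time. Layout: plaintext || MAC || pad+1 bytes == pad. */
int check_vulnerable(const uint8_t *rec, size_t len, int *mac_calls) {
    uint8_t pad = rec[len - 1];
    if ((size_t)pad + 1 + MAC_LEN > len) return 0;
    for (size_t i = 0; i <= pad; i++) if (rec[len - 1 - i] != pad) return 0;
    size_t plen = len - pad - 1 - MAC_LEN;
    uint8_t m[MAC_LEN];
    toy_mac(rec, plen, m); (*mac_calls)++;
    return memcmp(m, rec + plen, MAC_LEN) == 0;
}

/* Hardened shape: an impossible pad length is masked to 0, pad bytes are checked with a running
   flag, and the MAC is always computed, so both error kinds do the same work. Caller ensures len > MAC_LEN. */
int check_hardened(const uint8_t *rec, size_t len, int *mac_calls) {
    uint8_t pad = rec[len - 1];
    unsigned ok = ((size_t)pad + 1 + MAC_LEN <= len);
    uint8_t p = (uint8_t)(pad & (0u - ok));
    for (size_t i = 0; i <= p; i++) ok &= (rec[len - 1 - i] == p);
    size_t plen = len - p - 1 - MAC_LEN;
    uint8_t m[MAC_LEN];
    toy_mac(rec, plen, m); (*mac_calls)++;
    unsigned diff = 0;
    for (int i = 0; i < MAC_LEN; i++) diff |= (unsigned)(m[i] ^ rec[plen + i]);
    return (int)(ok & (diff == 0));
}

/* Builds a constructed record, applies one tamper, runs one checker; returns result*10 + MAC calls. */
int scenario(int hardened, int tamper) {
    static const uint8_t msg[] = "hello world";   /* constructed sample plaintext */
    uint8_t rec[64]; int calls = 0; size_t plen = sizeof msg - 1, n = plen + MAC_LEN + 4;
    memcpy(rec, msg, plen); toy_mac(msg, plen, rec + plen); memset(rec + plen + MAC_LEN, 3, 4);
    if (tamper == 1) rec[n - 1] = 200;   /* impossible pad length */
    if (tamper == 2) rec[n - 2] = 7;     /* one wrong pad byte */
    if (tamper == 3) rec[0] ^= 1;        /* plaintext changed: MAC mismatch */
    int r = hardened ? check_hardened(rec, n, &calls) : check_vulnerable(rec, n, &calls);
    return r * 10 + calls;
}
```

The vulnerable checker makes zero MAC calls on either padding tamper and one on the MAC tamper, while the hardened one makes exactly one call in every case; the MAC is still computed over a pad-dependent length here, which is a remaining timing difference this toy does not address.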
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 0.9.7a-1 (bookworm) | openssl 0.9.7a-1 (bookworm) |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| openbsd | openbsd | — | — |
| openbsd | openbsd | — | — |
| openssl | openssl | < 0.9.6i | 0.9.6i |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.7a-1 | 0.9.7a-1 |
| openssl | openssl | >= 0 < 0.9.7a-1 | 0.9.7a-1 |
| openssl | openssl | >= 0 < 0.9.7a-1 | 0.9.7a-1 |
| openssl | openssl | >= 0 < 0.9.7a-1 | 0.9.7a-1 |
CVSS provenance
nvd v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
osv: 5.0 MEDIUM
vendor_debian: 5.0 MEDIUM
vendor_redhat: 5.0 MEDIUM
Red Hat
security flaw
vendor_redhat·2003-02-19·CVSS 5.0
Debian
CVE-2003-0078: openssl - ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i do...
vendor_debian·2003·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 0.9.7a-1)
bullseye: resolved (fixed in 0.9.7a-1)
forky: resolved (fixed in 0.9.7a-1)
sid: resolved (fixed in 0.9.7a-1)
trixie: resolved (fixed in 0.9.7a-1)
GHSA
GHSA-2x68-h5x4-c4qp: ssl3_get_record in s3_pkt
ghsa_unreviewed·2022-05-03
OSV
CVE-2003-0078: ssl3_get_record in s3_pkt
osv·2003-03-03·CVSS 5.0
No detection rules found.
Exploit-DB
Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation
exploitdb·2009-04-14
CVE-2009-0078 Microsoft Windows XP/Vista/2003/2008 - WMI Service Isolation Privilege Escalation
---
source: https://www.securityfocus.com/bid/34442/info
Microsoft Windows is prone to a privilege-escalation vulnerability.
Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.
The issue affects the following:
Windows XP SP2
Windows Server 2003
Windows Vista
Windows Server 2008
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6705.zip
Exploit-DB
OpenSSL 0.9.x - CBC Error Information Leakage
exploitdb·2003-02-19
---
source: https://www.securityfocus.com/bid/6884/info
A side-channel attack against implementations of SSL exists that, through analysis of the timing of certain operations, can reveal sensitive information to an active adversary. This information leaked by vulnerable implementations is reportedly sufficient for an adaptive attack that will ultimately obtain plaintext of a target block of ciphertext.
The information loss was reduced in OpenSSL versions 0.9.6i and 0.9.7a. It is not known if other implementations are vulnerable to this or similar weaknesses.
*It should be noted that this attack is reportedly difficult to exploit and requires that the adversary be a man-in-the-middle.
https://gitlab.com/exploit-database/exploitdb-bin-sploi
CWE
Observable Timing Discrepancy
mitre_cwe
CWE-208 Observable Timing Discrepancy
CWE-208: Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.
Modes of Introduction:
Phase: Architecture and Design
Note: COMMISSION: This weakness refers to an inc
CWE
Observable Discrepancy
mitre_cwe
CWE-203 Observable Discrepancy
CWE-203: Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Discrepancies can take many forms, and variations may be detectable in timing, control flow, communications such as replies or requests, or general behavior. These discrepancies can reveal information about the product's operation or internal state to an unauthorized actor. In some cases, discrepancies can be used by attackers to form a side channel.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Access
References
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
http://marc.info/?l=bugtraq&m=104567627211904&w=2
http://marc.info/?l=bugtraq&m=104568426824439&w=2
http://marc.info/?l=bugtraq&m=104577183206905&w=2
http://www.ciac.org/ciac/bulletins/n-051.shtml
http://www.debian.org/security/2003/dsa-253
http://www.iss.net/security_center/static/11369.php
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
http://www.openssl.org/news/secadv_20030219.txt
http://www.osvdb.org/3945
http://www.redhat.com/support/errata/RHSA-2003-062.html
http://www.redhat.com/support/errata/RHSA-2003-063.html
http://www.redhat.com/support/errata/RHSA-2003-082.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-205.html
http://www.securityfocus.com/bid/6884
http://www.trustix.org/errata/2003/0005
Published: 2003-03-03