CVE-2003-0147
Published 2003-03-31
Priority: P4 · 23 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 6.39% (92.8th percentile)
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
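The description names the side channel (data-dependent extra reductions in Montgomery multiplication) and the missing countermeasure (RSA blinding) but does not show either. The following Python is an added illustration, not OpenSSL code and not taken from any of the advisories on this page. It assumes a toy key built from two fixed 31/32-bit primes, models only the Montgomery extra reduction (the Karatsuba-versus-schoolbook switch and the CRT split used by the real attack are left out), and uses helper names (`Montgomery`, `decrypt_unblinded`, `decrypt_blinded`, `timing_profile`) chosen here for the example.

```python
"""Toy model of CVE-2003-0147: an RSA private-key operation whose running
time depends on the ciphertext, and RSA blinding as the fix.

Constructed example, not OpenSSL code.  The leak modelled is the
data-dependent "extra reduction" (final conditional subtraction) in
Montgomery multiplication; the Karatsuba-vs-schoolbook multiplier switch
and the CRT split that the real attack also exploits are not modelled.
The key is far too small for real use."""
import random

# Constructed toy key: two fixed primes, chosen for illustration only.
P = 2147483647          # 2^31 - 1
Q = 4294967291          # 2^32 - 5
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class Montgomery:
    """Montgomery arithmetic mod an odd N, counting extra reductions."""

    def __init__(self, n):
        assert n % 2 == 1
        self.n = n
        self.k = n.bit_length()
        self.r = 1 << self.k                       # R = 2^k > N
        self.mask = self.r - 1
        self.n_prime = (-pow(n, -1, self.r)) & self.mask  # -N^-1 mod R
        self.r2 = (self.r * self.r) % n                   # R^2 mod N, for conversion in
        self.extra_reductions = 0                         # the side channel

    def mul(self, a, b):
        """Return a*b*R^-1 mod N (REDC).  The final subtraction happens only
        for some inputs; its count is what a timing attacker measures."""
        t = a * b
        m = (t * self.n_prime) & self.mask
        u = (t + m * self.n) >> self.k
        if u >= self.n:
            u -= self.n
            self.extra_reductions += 1
        return u

    def exp(self, base, exponent):
        """Left-to-right square-and-multiply entirely in Montgomery form."""
        base_m = self.mul(base % self.n, self.r2)      # base * R mod N
        acc = self.r % self.n                          # Montgomery form of 1
        for bit in bin(exponent)[2:]:
            acc = self.mul(acc, acc)
            if bit == "1":
                acc = self.mul(acc, base_m)
        return self.mul(acc, 1)                        # back to normal form


def decrypt_unblinded(c):
    """Vulnerable: exponentiates the attacker-chosen ciphertext directly,
    so the extra-reduction count is a deterministic function of c."""
    mont = Montgomery(N)
    m = mont.exp(c, D)
    return m, mont.extra_reductions


def decrypt_blinded(c, rng=random):
    """Fixed: multiply c by r^e for a fresh random r, exponentiate that,
    then strip r from the result.  The multiplier now works on a value
    unrelated to c, so the timing is decorrelated from the attacker's input."""
    while True:
        r = rng.randrange(2, N)
        if r % P and r % Q:           # gcd(r, N) == 1; always true in practice
            break
    mont = Montgomery(N)
    c_blind = (c * pow(r, E, N)) % N
    m_blind = mont.exp(c_blind, D)
    m = (m_blind * pow(r, -1, N)) % N
    return m, mont.extra_reductions


def timing_profile(c, trials=20, rng=None):
    """Collect extra-reduction counts for repeated decryptions of c."""
    rng = rng or random.Random(0xC0FFEE)
    unblinded = [decrypt_unblinded(c)[1] for _ in range(trials)]
    blinded = [decrypt_blinded(c, rng)[1] for _ in range(trials)]
    return unblinded, blinded


if __name__ == "__main__":
    msg = 0x1234_5678_9ABC
    ct = pow(msg, E, N)
    assert decrypt_unblinded(ct)[0] == msg == decrypt_blinded(ct)[0]
    u, b = timing_profile(ct)
    print("unblinded extra reductions:", u)   # identical on every call
    print("blinded   extra reductions:", b)   # varies with the random r
```

`timing_profile` shows the property the attack depends on: without blinding the count (and therefore the running time) is a fixed function of the ciphertext, so an attacker can repeat a query and average away network jitter; with blinding each call uses a different `r` and the count no longer tells the attacker anything about `c`. In OpenSSL the countermeasure is the `RSA_blinding_on()` call that the 2003-03-17 advisory told applications to make themselves; from 0.9.6j and 0.9.7b the library enables it by default. Blinding hides the correlation but does not make the arithmetic constant-time, which is why later OpenSSL versions also added constant-time exponentiation paths.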
Affected
40 ranges · showing 25 (identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < 0.9.7b-1 (bookworm) | 0.9.7b-1 (bookworm) |
| openpkg | openpkg | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 0.9.7b-1 | 0.9.7b-1 |
| peersec_networks | matrixssl | <= 1.0 | — |
| stunnel | stunnel | — | — |
Note: 0.9.7b-1 is a Debian package version. Upstream OpenSSL shipped the fix (RSA blinding enabled by default) in 0.9.6j and 0.9.7b; the 2003-03-17 OpenSSL advisory linked under References also gave the workaround of calling RSA_blinding_on() in applications built against older releases. The stunnel and openpkg rows are listed without ranges because those products are affected through the OpenSSL they link against.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Red Hat
vendor_redhat · 2003-03-14 · CVSS 5.0 · MEDIUM · security flaw
Description: identical to the CVE text above.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
vendor_debian · 2003 · CVSS 5.0 · MEDIUM
CVE-2003-0147: openssl
Description: identical to the CVE text above.
Scope: local
Status: resolved in bookworm, bullseye, forky, sid and trixie (fixed in 0.9.7b-1)
GHSA
GHSA-4q57-g9fh-w67x · ghsa_unreviewed · 2022-05-03 · MEDIUM
Description: identical to the CVE text above.
GHSA (related issue)
GHSA-6vgj-39gw-mxw3 / CVE-2004-2682 · ghsa_unreviewed · 2022-04-29 · CVSS 5.0 · MEDIUM
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
OSV
osv · 2003-03-31 · CVSS 5.0 · MEDIUM
Description: identical to the CVE text above.
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2018-08-16 · CVSS 5.0 · MEDIUM · CVE-2003-0147 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description: identical to the CVE text above.
---
Statement:
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
RFC
rfc · 2015-02-01
RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
Internet Engineering Task Force (IETF) · Request for Comments: 7457 · Category: Informational · ISSN: 2070-1721
Y. Sheffer (Porticor), R. Holz (Technische Universitaet Muenchen), P. Saint-Andre (&yet) · February 2015
Abstract
Over the last few years, there have been several serious attacks on Transport Layer Security (TLS), including attacks on its most commonly used ciphers and modes of operation. This document summarizes these attacks, with the goal of motivating generic and protocol-specific recommendations on the usage of TLS and Datagram TLS (DTLS).
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This document is a product of the In
References
- ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
- ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
- http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf (Brumley and Boneh, "Remote Timing Attacks are Practical")
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
- http://marc.info/?l=bugtraq&m=104766550528628&w=2
- http://marc.info/?l=bugtraq&m=104792570615648&w=2
- http://marc.info/?l=bugtraq&m=104819602408063&w=2
- http://marc.info/?l=bugtraq&m=104829040921835&w=2
- http://marc.info/?l=bugtraq&m=104861762028637&w=2
- http://www.debian.org/security/2003/dsa-288
- http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
- http://www.kb.cert.org/vuls/id/997481
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
- http://www.openssl.org/news/secadv_20030317.txt
- http://www.redhat.com/support/errata/RHSA-2003-101.html
- http://www.redhat.com/support/errata/RHSA-2003-102.html
- http://www.securityfocus.com/archive/1/316165/30/25370/threaded
- http://www.securityfocus.com/archive/1/316577/30/25310/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466