[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3108Date: (C)2007-08-07   (M)2024-02-16


The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 1.2
Exploit Score: 1.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/476341/100/0/threaded
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/486859/100/0/threaded
BID-25163
SECUNIA-26411
SECUNIA-26893
SECUNIA-27021
SECUNIA-27078
SECUNIA-27097
SECUNIA-27205
SECUNIA-27330
SECUNIA-27770
SECUNIA-27870
SECUNIA-28368
SECUNIA-30161
SECUNIA-30220
SECUNIA-31467
SECUNIA-31489
SECUNIA-31531
ADV-2007-2759
ADV-2007-4010
ADV-2008-0064
ADV-2008-2361
ADV-2008-2362
ADV-2008-2396
DSA-1571
GLSA-200710-06
GLSA-200805-07
MDKSA-2007:193
RHSA-2007:0813
RHSA-2007:0964
RHSA-2007:1003
USN-522-1
VU#724968
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://cvs.openssl.org/chngview?cn=16275
http://openssl.org/news/patch-CVE-2007-3108.txt
http://support.attachmate.com/techdocs/2374.html
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability
http://www.kb.cert.org/vuls/id/RGII-74KLP3
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
https://issues.rpath.com/browse/RPL-1613
https://issues.rpath.com/browse/RPL-1633
oval:org.mitre.oval:def:9984

CPE    1
cpe:/a:openssl:openssl
OVAL    1
oval:org.mitre.oval:def:7946

© SecPod Technologies