CVE-2003-0147
Metric | Value
---|---
Attack vector | NETWORK
Attack complexity | LOW
Privileges required | NONE
Confidentiality impact | PARTIAL
Integrity impact | NONE
Availability impact | NONE

Summary
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
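The countermeasure behind the fix is RSA blinding: before the private-key exponentiation the ciphertext c is multiplied by r^e for a fresh random r, and the result is multiplied by r^-1 afterwards, so the value whose exponentiation time the attacker measures is unrelated to the c they chose. The block below is an added example, not OpenSSL code: it implements the vulnerable direct exponentiation beside the blinded one over a constructed toy key. Python's pow() makes no constant-time claims, so this shows the algebra and the decorrelation, not the timing measurement itself. On the affected OpenSSL releases an application had to request blinding explicitly with RSA_blinding_on(); from 0.9.6j/0.9.7b it is on by default.

```python
"""RSA blinding as a countermeasure to the CVE-2003-0147 timing attack.

Added example, not OpenSSL code. The key below is a constructed toy
(two well-known 30-bit primes); real keys are 2048 bits or more.
"""
import secrets
from math import gcd

# Constructed toy parameters: far too small for real use.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, e*d = 1 mod phi(n)


def rsa_private_unblinded(c: int, d: int = D, n: int = N) -> int:
    """Vulnerable pattern: the exponentiation runs directly on the
    attacker-chosen ciphertext c. The work done (extra Montgomery
    reductions, Karatsuba vs. schoolbook multiplication) depends on c,
    so the time taken leaks information about the factors of n."""
    return pow(c, d, n)


def blind(c: int, r: int, e: int = E, n: int = N) -> int:
    """c' = c * r^e mod n. Because r is uniform and secret, c' is
    uniform from the attacker's point of view whatever c they chose."""
    return (c * pow(r, e, n)) % n


def unblind(m_blind: int, r: int, n: int = N) -> int:
    """(c * r^e)^d = c^d * r (mod n), so multiplying by r^-1 gives c^d."""
    return (m_blind * pow(r, -1, n)) % n


def fresh_blinding_factor(n: int = N, randbelow=secrets.randbelow) -> int:
    """Uniform r in [2, n-1] with gcd(r, n) == 1 so that r^-1 exists.
    A factor must not be reused across operations with a real key."""
    while True:
        r = randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def rsa_private_blinded(c: int, d: int = D, e: int = E, n: int = N) -> int:
    """Hardened pattern: same result as rsa_private_unblinded, but the
    timing of the exponentiation is decorrelated from c."""
    r = fresh_blinding_factor(n)
    return unblind(pow(blind(c, r, e, n), d, n), r, n)


if __name__ == "__main__":
    msg = 0x48656c6c6f           # "Hello" as an integer; constructed input
    ct = pow(msg, E, N)          # textbook RSA encryption with the toy key
    assert rsa_private_unblinded(ct) == msg
    assert rsa_private_blinded(ct) == msg
    print("blinded and unblinded private-key operations agree")
```

The blinding factor is drawn per operation from secrets.randbelow; blind() and unblind() are split out only so the intermediate value can be inspected. OpenSSL's implementation additionally reuses and squares a cached factor to amortise the cost, which this example does not model.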
Vulnerable Configurations

Part | Description | Count
---|---|---
Application | | 3
Application | | 11
Application | Stunnel | 21
Nessus

NASL family: Web Servers
NASL id: OPENSSL_PASSWORD_INTERCEPTION.NASL
description: According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of the server. An attacker may use this implementation flaw to sniff the data going to this host and decrypt some parts of it, as well as impersonate the server and perform man-in-the-middle attacks.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11267
published: 2003-02-20
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11267
title: OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities
code:

```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
  script_id(11267);
  script_version("1.43");
  script_cvs_date("Date: 2018/07/16 14:09:14");

  script_cve_id("CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147");
  script_bugtraq_id(6884, 7148);
  script_xref(name:"RHSA", value:"2003:101-01");
  script_xref(name:"SuSE", value:"SUSE-SA:2003:024");

  script_name(english:"OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities");
  script_summary(english:"Checks for version of OpenSSL");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by multiple
vulnerabilities." );
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is using a version of OpenSSL
older than 0.9.6j or 0.9.7b. This version is vulnerable to a
timing-based attack that could allow an attacker to guess the content
of fixed data blocks and may eventually be able to guess the value of
the private RSA key of the server.

An attacker may use this implementation flaw to sniff the data going to
this host and decrypt some parts of it, as well as impersonate the
server and perform man-in-the-middle attacks." );
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20030219.txt" );
  script_set_attribute(attribute:"see_also", value:"http://eprint.iacr.org/2003/052/" );
  script_set_attribute(attribute:"solution", value:
"Upgrade to version 0.9.6j (0.9.7b) or newer." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/20");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
  script_family(english:"Web Servers");
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 443);
  exit(0);
}

#
# The script code starts here - we rely on Apache to spit OpenSSL's
# version. That sucks.
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("backport.inc");

# Skip if the CBC-padding check for the same release range already fired.
if ( get_kb_item("CVE-2003-0078") ) exit(0);

ports = add_port_in_list(list:get_kb_list("Services/www"), port:443);
foreach port (ports)
{
  banner = get_backport_banner(banner:get_http_banner(port:port));
  # Distribution packages that backport the fix keep the old upstream
  # version string, so a banner match alone would be a false positive.
  if ( ! banner || backported ) continue;
  # 0.9.0 - 0.9.5x, 0.9.6 and 0.9.6a - 0.9.6i
  if(egrep(pattern:"^Server.*OpenSSL/0\.9\.([0-5][^0-9]|6[^a-z]|6[a-i])", string:banner) ||
     # 0.9.7-beta*, 0.9.7a and a bare 0.9.7 followed by a space
     egrep(pattern:"^Server.*OpenSSL/0\.9\.7(-beta|a| )", string:banner))
    security_warning(port);
}
```
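The plugin above decides from the HTTP Server banner alone and skips hosts whose distribution has backported the fix, since a package such as Debian's 0.9.6c-2.woody.3 still advertises 0.9.6c. The block below is an added example, not Tenable's code: it reproduces that decision in Python with an explicit ordering for OpenSSL's letter and -beta suffixes, and generalises the plugin's regex slightly by also matching a bare 0.9.7 at the end of a banner (the plugin requires a trailing space). The banners are constructed, and the backported flag is an assumed input that a real scanner would derive from package data, as the plugin does through get_backport_banner().

```python
"""Banner-based check for CVE-2003-0147 (OpenSSL < 0.9.6j / 0.9.7b).

Added example, not Tenable's plugin code. Sample banners are constructed.
"""
import re
from typing import Dict, Optional, Tuple

# Matches OpenSSL/0.9.6g, OpenSSL/0.9.7, OpenSSL/0.9.7a, OpenSSL/0.9.7-beta3 ...
_OPENSSL_RE = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d*))?")

# Ordering key: (major, minor, patch, released, letters_len, letters, beta_no)
# so that 0.9.7-beta3 < 0.9.7 < 0.9.7a < 0.9.7b and 0.9.6 < 0.9.6a < ... < 0.9.6j.
VersionKey = Tuple[int, int, int, int, int, str, int]


def version_key(major: int, minor: int, patch: int,
                letters: str = "", beta: Optional[str] = None) -> VersionKey:
    released = 0 if beta is not None else 1     # any -beta sorts below the release
    beta_no = int(beta) if beta else 0
    return (major, minor, patch, released, len(letters), letters, beta_no)


FIXED_096 = version_key(0, 9, 6, "j")   # first 0.9.6 release with blinding on
FIXED_097 = version_key(0, 9, 7, "b")   # first 0.9.7 release with blinding on


def parse_openssl_version(banner: str) -> Optional[VersionKey]:
    m = _OPENSSL_RE.search(banner)
    if not m:
        return None
    major, minor, patch, letters, beta = m.groups()
    return version_key(int(major), int(minor), int(patch), letters, beta)


def is_vulnerable_cve_2003_0147(banner: str, backported: bool = False) -> Optional[bool]:
    """True/False from the banner, None when no verdict can be drawn.

    backported=True models a distribution package that carries the fix
    without bumping the upstream version string; the banner then says
    nothing about the patch state, so the check abstains, as the plugin does.
    """
    if backported:
        return None
    v = parse_openssl_version(banner)
    if v is None:
        return None
    branch = v[:3]
    if branch < (0, 9, 6):
        return True                   # 0.9.0 .. 0.9.5x never had blinding on
    if branch == (0, 9, 6):
        return v < FIXED_096
    if branch == (0, 9, 7):
        return v < FIXED_097
    return False                      # 0.9.8 and later keep blinding on by default


SAMPLE_BANNERS = [  # constructed, not captured from any real host
    "Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6g",
    "Server: Apache/2.0.44 (Unix) mod_ssl/2.0.44 OpenSSL/0.9.7a",
    "Server: Apache/2.0.45 (Unix) mod_ssl/2.0.45 OpenSSL/0.9.7b",
    "Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.6j",
    "Server: Apache/2.0.44 (Unix) OpenSSL/0.9.7-beta3",
    "Server: nginx",
]


def scan(banners=SAMPLE_BANNERS) -> Dict[str, Optional[bool]]:
    return {b: is_vulnerable_cve_2003_0147(b) for b in banners}


if __name__ == "__main__":
    for banner, verdict in scan().items():
        print(f"{verdict!s:5}  {banner}")
```

A None verdict is deliberately distinct from False: a host with a backported package or with no OpenSSL token in its banner is "unknown", and the Debian dpkg check further down the page is the kind of local check that settles it.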
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-288.NASL
description: Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities: CAN-2003-0147, OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key; CAN-2003-0131, the SSL and TLS components allow remote attackers to perform an unauthorized RSA private key operation that causes OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 15125
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/15125
title: Debian DSA-288-1 : openssl - several vulnerabilities
code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-288. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15125);
  script_version("1.25");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0131", "CVE-2003-0147");
  script_bugtraq_id(7101, 7148);
  script_xref(name:"CERT", value:"888801");
  script_xref(name:"DSA", value:"288");

  script_name(english:"Debian DSA-288-1 : openssl - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Researchers discovered two flaws in OpenSSL, a Secure Socket Layer
(SSL) library and related cryptographic tools. Applications that are
linked against this library are generally vulnerable to attacks that
could leak the server's private key or make the encrypted session
decryptable otherwise. The Common Vulnerabilities and Exposures (CVE)
project identified the following vulnerabilities :

CAN-2003-0147 OpenSSL does not use RSA blinding by default, which
allows local and remote attackers to obtain the server's private key.

CAN-2003-0131 The SSL and TLS components allow remote attackers to
perform an unauthorized RSA private key operation that causes OpenSSL
to leak information regarding the relationship between ciphertext and
the associated plaintext."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-288"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the openssl packages immediately and restart the applications
that use OpenSSL.

For the stable distribution (woody) these problems have been fixed in
version 0.9.6c-2.woody.3.

For the old stable distribution (potato) these problems have been
fixed in version 0.9.6c-0.potato.6.

Unfortunately, RSA blinding is not thread-safe and will cause failures
for programs that use threads and OpenSSL such as stunnel. However,
since the proposed fix would change the binary interface (ABI),
programs that are dynamically linked against OpenSSL won't run
anymore. This is a dilemma we can't solve.

You will have to decide whether you want the security update which is
not thread-safe and recompile all applications that apparently fail
after the upgrade, or fetch the additional source packages at the end
of this advisory, recompile it and use a thread-safe OpenSSL library
again, but also recompile all applications that make use of it (such
as apache-ssl, mod_ssl, ssh etc.).

However, since only very few packages use threads and link against
the OpenSSL library most users will be able to use packages from this
update without any problems."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Compare installed package versions against the fixed Debian revisions;
# this is a local check, so backported fixes are recognised correctly.
flag = 0;
if (deb_check(release:"2.2", prefix:"libssl-dev", reference:"0.9.6c-0.potato.6")) flag++;
if (deb_check(release:"2.2", prefix:"libssl0.9.6", reference:"0.9.6c-0.potato.6")) flag++;
if (deb_check(release:"2.2", prefix:"openssl", reference:"0.9.6c-0.potato.6")) flag++;
if (deb_check(release:"2.2", prefix:"ssleay", reference:"0.9.6c-0.potato.6")) flag++;
if (deb_check(release:"3.0", prefix:"libssl-dev", reference:"0.9.6c-2.woody.3")) flag++;
if (deb_check(release:"3.0", prefix:"libssl0.9.6", reference:"0.9.6c-2.woody.3")) flag++;
if (deb_check(release:"3.0", prefix:"openssl", reference:"0.9.6c-2.woody.3")) flag++;
if (deb_check(release:"3.0", prefix:"ssleay", reference:"0.9.6c-2.woody.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2003-102.NASL
description: Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. [Updated 30 May 2003] Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and provides a full-strength general purpose cryptography library. Researchers discovered a timing attack on RSA keys. Applications making use of OpenSSL are generally vulnerable to such an attack, unless RSA blinding has been turned on. OpenSSL does not use RSA blinding by default and most applications do not enable RSA blinding. A local or remote attacker could use this attack to obtain the server's private key.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 12380
published: 2004-07-06
reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/12380
title: RHEL 2.1 : openssl (RHSA-2003:102)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-035.NASL
description: Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14019
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14019
title: Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)
Oval

Field | Value
---|---
accepted | 2007-04-25T19:52:32.667-04:00
class | vulnerability
description | OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
family | unix
id | oval:org.mitre.oval:def:466
status | accepted
submitted | 2003-08-11T12:00:00.000-04:00
title | OpenSSL No RSA Blinding Vulnerability
version | 39
Redhat

Statements

Field | Value
---|---
contributor | Mark J Cox
lastmodified | 2007-03-14
organization | Red Hat
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References
- ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
- ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
- http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625
- http://marc.info/?l=bugtraq&m=104766550528628&w=2
- http://marc.info/?l=bugtraq&m=104792570615648&w=2
- http://marc.info/?l=bugtraq&m=104819602408063&w=2
- http://marc.info/?l=bugtraq&m=104829040921835&w=2
- http://marc.info/?l=bugtraq&m=104861762028637&w=2
- http://www.debian.org/security/2003/dsa-288
- http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml
- http://www.kb.cert.org/vuls/id/997481
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
- http://www.openssl.org/news/secadv_20030317.txt
- http://www.redhat.com/support/errata/RHSA-2003-101.html
- http://www.redhat.com/support/errata/RHSA-2003-102.html
- http://www.securityfocus.com/archive/1/316165/30/25370/threaded
- http://www.securityfocus.com/archive/1/316577/30/25310/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466