CVE-2003-0147

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE

Tags: network, low complexity, openpkg, openssl, stunnel, nessus

Summary

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
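Worked example of the countermeasure the summary refers to. This is an added example written for this page, not code from OpenSSL or from any advisory quoted here; the key it generates is a constructed 256-bit toy and the function names (private_op, decrypt_blinded, ...) are this example's own. It performs textbook RSA decryption with CRT twice: without blinding, which is what OpenSSL did by default before 0.9.6j/0.9.7b unless the application itself called RSA_blinding_on(), and with blinding. Both variants return the value that actually reaches the private exponentiation, so you can check that once blinded it no longer depends on the attacker's chosen ciphertext.

```python
"""RSA blinding, the countermeasure CVE-2003-0147 is about.

Added example for this page; it is not code from OpenSSL or from any of the
advisories quoted here. Key sizes are a constructed toy (256-bit modulus) so
the example runs instantly; the arithmetic is unchanged for real keys.
Requires Python 3.8+ for pow(x, -1, m).
"""
import math
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test; adequate for generating demo keys."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random odd prime with the top bit set, so p*q is close to 2*bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_key(bits=256, e=65537):
    """Return (n, e, d, p, q). Toy sizes only; real keys are 2048+ bits."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p != q and (p - 1) % e and (q - 1) % e:  # e prime => gcd(e, phi) == 1
            break
    return p * q, e, pow(e, -1, (p - 1) * (q - 1)), p, q


def private_op(x, key):
    """CRT private exponentiation, as OpenSSL does it. The half of the work
    done mod q only ever sees x mod q; the Montgomery extra reductions and the
    Karatsuba-vs-normal multiplication choice named in the summary depend on
    that residue, which is what the attacker's decryption timings measure."""
    n, _, d, p, q = key
    mp = pow(x % p, d % (p - 1), p)
    mq = pow(x % q, d % (q - 1), q)
    h = (mp - mq) * pow(q, -1, p) % p            # Garner recombination
    return mq + h * q                            # already reduced: < p*q


def decrypt_unblinded(c, key):
    """Pre-fix behaviour: the attacker-chosen ciphertext c is exponentiated
    directly, so the attacker picks exactly which residue mod q gets timed."""
    return private_op(c, key)


def decrypt_blinded(c, key):
    """Blinded decryption: exponentiate c * r^e for a fresh random r, then
    strip r from the result. (c * r^e)^d = c^d * r mod n, so multiplying by
    r^-1 recovers c^d. Returns (plaintext, blinded_input) so callers can see
    that the value actually exponentiated is independent of c."""
    n, e, _, _, _ = key
    while True:
        r = 2 + secrets.randbelow(n - 3)         # 2 <= r <= n-2
        if math.gcd(r, n) == 1:
            break
    c_blind = c * pow(r, e, n) % n               # unpredictable to the attacker
    m_blind = private_op(c_blind, key)           # timing now depends on r, not c
    return m_blind * pow(r, -1, n) % n, c_blind


if __name__ == "__main__":
    key = generate_key()
    n, e, d, p, q = key
    chosen = q - 1                               # a "g just below q" probe
    plain, seen = decrypt_blinded(chosen, key)
    print("same plaintext as unblinded:", plain == decrypt_unblinded(chosen, key))
    print("exponentiation saw the attacker's value:", seen == chosen)
```

Blinding does not remove the timing variation; it decorrelates it from the attacker's input, which defeats the chosen-ciphertext approach in the summary. OpenSSL does not draw a fresh r per operation as this example does: it caches the pair (r, r^-1) in the RSA object and squares both after each use, and that shared mutable state is the thread-safety problem the Debian advisory text below describes.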

Nessus

  • NASL family: Web Servers
    NASL id: OPENSSL_PASSWORD_INTERCEPTION.NASL
    description: According to its banner, the remote host is using a version of OpenSSL older than 0.9.6j or 0.9.7b. This version is vulnerable to a timing-based attack that could allow an attacker to guess the content of fixed data blocks and may eventually be able to guess the value of the private RSA key of the server. An attacker may use this implementation flaw to sniff the data going to this host and decrypt some parts of it, as well as impersonate the server and perform man-in-the-middle attacks.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11267
    published: 2003-02-20
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11267
    title: OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if(description)
    {
     script_id(11267);
     script_version("1.43");
     script_cvs_date("Date: 2018/07/16 14:09:14");
    
     script_cve_id("CVE-2003-0078", "CVE-2003-0131", "CVE-2003-0147");
     script_bugtraq_id(6884, 7148);
     script_xref(name:"RHSA", value:"2003:101-01");
     script_xref(name:"SuSE", value:"SUSE-SA:2003:024");
     
     script_name(english:"OpenSSL < 0.9.6j / 0.9.7b Multiple Vulnerabilities");
     script_summary(english:"Checks for version of OpenSSL");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote host has an application that is affected by
    multiple vulnerabilities." );
     script_set_attribute(attribute:"description", value:
    "According to its banner, the remote host is using a version
    of OpenSSL older than 0.9.6j or 0.9.7b.
    
    This version is vulnerable to a timing-based attack that could
    allow an attacker to guess the content of fixed data blocks and
    may eventually be able to guess the value of the private RSA key
    of the server.
    
    An attacker may use this implementation flaw to sniff the
    data going to this host and decrypt some parts of it, as well
    as impersonate the server and perform man-in-the-middle attacks." );
     script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20030219.txt" );
     script_set_attribute(attribute:"see_also", value:"http://eprint.iacr.org/2003/052/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to version 0.9.6j (0.9.7b) or newer." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     
     script_set_attribute(attribute:"vuln_publication_date", value:"2003/02/19");
     script_set_attribute(attribute:"patch_publication_date", value:"2003/04/10");
     script_set_attribute(attribute:"plugin_publication_date", value:"2003/02/20");
     
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
     script_end_attributes();
    
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     script_dependencie("find_service1.nasl", "http_version.nasl");
     script_require_ports("Services/www", 443);
     exit(0);
    }
    
    #
    # The script code starts here - we rely on Apache to spit OpenSSL's
    # version. That sucks.
    #
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("backport.inc");
    
    if ( get_kb_item("CVE-2003-0078") ) exit(0);
    
    ports = add_port_in_list(list:get_kb_list("Services/www"), port:443);
    
    foreach port (ports)
    {
     banner = get_backport_banner(banner:get_http_banner(port:port));
     if ( ! banner || backported  )  continue;
     if(egrep(pattern:"^Server.*OpenSSL/0\.9\.([0-5][^0-9]|6[^a-z]|6[a-i])", string:banner) || egrep(pattern:"^Server.*OpenSSL/0\.9\.7(-beta|a| )", string:banner)) security_warning(port);
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-288.NASL
    description: Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15125
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15125
    title: Debian DSA-288-1 : openssl - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-288. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15125);
      script_version("1.25");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0131", "CVE-2003-0147");
      script_bugtraq_id(7101, 7148);
      script_xref(name:"CERT", value:"888801");
      script_xref(name:"DSA", value:"288");
    
      script_name(english:"Debian DSA-288-1 : openssl - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Researchers discovered two flaws in OpenSSL, a Secure Socket Layer
    (SSL) library and related cryptographic tools. Applications that are
    linked against this library are generally vulnerable to attacks that
    could leak the server's private key or make the encrypted session
    decryptable otherwise. The Common Vulnerabilities and Exposures (CVE)
    project identified the following vulnerabilities :
    
     CAN-2003-0147 OpenSSL does not use RSA blinding by default, which
     allows local and remote attackers to obtain the server's private key.
     CAN-2003-0131 The SSL allows remote attackers to perform an
     unauthorized RSA private key operation that causes OpenSSL to leak
     information regarding the relationship between ciphertext and the
     associated plaintext."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-288"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the openssl packages immediately and restart the applications
    that use OpenSSL.
    
    For the stable distribution (woody) these problems have been fixed in
    version 0.9.6c-2.woody.3.
    
    For the old stable distribution (potato) these problems have been
    fixed in version 0.9.6c-0.potato.6.
    
    Unfortunately, RSA blinding is not thread-safe and will cause failures
    for programs that use threads and OpenSSL such as stunnel. However,
    since the proposed fix would change the binary interface (ABI),
    programs that are dynamically linked against OpenSSL won't run
    anymore. This is a dilemma we can't solve.
    
    You will have to decide whether you want the security update which is
    not thread-safe and recompile all applications that apparently fail
    after the upgrade, or fetch the additional source packages at the end
    of this advisory, recompile it and use a thread-safe OpenSSL library
    again, but also recompile all applications that make use of it (such
    as apache-ssl, mod_ssl, ssh etc.).
    
    However, since only very few packages use threads and link against the
    OpenSSL library most users will be able to use packages from this
    update without any problems."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/03/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"2.2", prefix:"libssl-dev", reference:"0.9.6c-0.potato.6")) flag++;
    if (deb_check(release:"2.2", prefix:"libssl0.9.6", reference:"0.9.6c-0.potato.6")) flag++;
    if (deb_check(release:"2.2", prefix:"openssl", reference:"0.9.6c-0.potato.6")) flag++;
    if (deb_check(release:"2.2", prefix:"ssleay", reference:"0.9.6c-0.potato.6")) flag++;
    if (deb_check(release:"3.0", prefix:"libssl-dev", reference:"0.9.6c-2.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"libssl0.9.6", reference:"0.9.6c-2.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"openssl", reference:"0.9.6c-2.woody.3")) flag++;
    if (deb_check(release:"3.0", prefix:"ssleay", reference:"0.9.6c-2.woody.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-102.NASL
    description: Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. [Updated 30 May 2003] Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and provides a full-strength general purpose cryptography library. Researchers discovered a timing attack on RSA keys. Applications making use of OpenSSL are generally vulnerable to such an attack, unless RSA blinding has been turned on. OpenSSL does not use RSA blinding by default and most applications do not enable RSA blinding. A local or remote attacker could use this attack to obtain the server's private key.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12380
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12380
    title: RHEL 2.1 : openssl (RHSA-2003:102)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-035.NASL
    description: Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14019
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14019
    title: Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)
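The version decision that plugin 11267 (OPENSSL_PASSWORD_INTERCEPTION.NASL) above makes with two regexes, reimplemented as an added example in Python; this is not Tenable's code. It pulls the OpenSSL token out of an HTTP Server header and applies the same cut-offs, 0.9.6j and 0.9.7b. The ordering it assumes within a 0.9.x line (0.9.7-beta before 0.9.7 before 0.9.7a before 0.9.7b) is OpenSSL's own; the banners in SAMPLE_BANNERS are constructed, not captured from real hosts.

```python
"""Banner-based version check for CVE-2003-0147 (fixed in OpenSSL 0.9.6j and
0.9.7b), mirroring the logic of the OPENSSL_PASSWORD_INTERCEPTION.NASL
regexes on this page. Added example; not Tenable's code.
"""
import re

# First fixed letter release in each 0.9.x line named by the plugin.
FIXED_LETTER = {(0, 9, 6): "j", (0, 9, 7): "b"}

# "OpenSSL/0.9.6g", "OpenSSL/0.9.7", "OpenSSL/0.9.7-beta3", "OpenSSL/0.9.8e"
_VERSION = re.compile(r"OpenSSL/(\d+)\.(\d+)\.(\d+)(-beta\d*|[a-z]+)?")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), suffix) from a Server header, or None.

    suffix is '' for a plain release, a letter for a patch release, or
    '-betaN' for a pre-release."""
    m = _VERSION.search(banner)
    if m is None:
        return None
    base = tuple(int(x) for x in m.group(1, 2, 3))
    return base, m.group(4) or ""


def is_vulnerable(banner):
    """True if the advertised OpenSSL predates 0.9.6j / 0.9.7b, False if it
    does not, None if the banner names no OpenSSL version at all."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, suffix = parsed
    if base < (0, 9, 6):
        return True                       # 0.9.5a and earlier: no fixed release
    if base >= (0, 9, 8):
        return False                      # later branches ship with blinding on
    if suffix.startswith("-beta"):
        return True                       # 0.9.7-beta precedes the plain 0.9.7
    return suffix < FIXED_LETTER[base]    # '' (plain release) sorts before 'a'


def scan(banners):
    """Return {host: verdict} for a mapping of host -> Server header."""
    return {host: is_vulnerable(b) for host, b in banners.items()}


# Constructed sample banners, not captured from real hosts.
SAMPLE_BANNERS = {
    "web1": "Server: Apache/1.3.27 (Unix) mod_ssl/2.8.12 OpenSSL/0.9.6g",
    "web2": "Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.6j",
    "web3": "Server: Apache/2.0.44 (Unix) mod_ssl/2.0.44 OpenSSL/0.9.7",
    "web4": "Server: Apache/2.0.45 (Unix) mod_ssl/2.0.45 OpenSSL/0.9.7b",
    "web5": "Server: Apache/2.0.40 (Unix) OpenSSL/0.9.7-beta3",
    "web6": "Server: nginx",
}

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_BANNERS).items():
        print(f"{host}: {verdict}")
```

The limit of any banner check is visible on this page itself: the Red Hat statement below says RHEL 5 carries a backported patch, so the version string alone would be a false positive there. That is why the plugin bails out on banners it recognises as distribution-backported (`get_backport_banner` / `backported`), and why the Debian and Red Hat plugins compare installed package versions locally instead of trusting the banner.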

Oval

accepted: 2007-04-25T19:52:32.667-04:00
class: vulnerability
contributors:
  • name: Jay Beale
    organization: Bastille Linux
  • name: Thomas R. Jones
    organization: Maitreya Security
description: OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
family: unix
id: oval:org.mitre.oval:def:466
status: accepted
submitted: 2003-08-11T12:00:00.000-04:00
title: OpenSSL No RSA Blinding Vulnerability
version: 39

Redhat

advisories
  • rhsa id: RHSA-2003:101
  • rhsa id: RHSA-2003:102
  • rhsa id: RHSA-2003:205

Statements

contributor: Mark J Cox
last modified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.