CVE-2003-0131

Current Description

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

Basic Data

PublishedMarch 24, 2003
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOpensslOpenssl0.9.6*******
    2.3ApplicationOpensslOpenssl0.9.6a*******
    2.3ApplicationOpensslOpenssl0.9.6b*******
    2.3ApplicationOpensslOpenssl0.9.6c*******
    2.3ApplicationOpensslOpenssl0.9.6d*******
    2.3ApplicationOpensslOpenssl0.9.6e*******
    2.3ApplicationOpensslOpenssl0.9.6g*******
    2.3ApplicationOpensslOpenssl0.9.6h*******
    2.3ApplicationOpensslOpenssl0.9.6i*******
    2.3ApplicationOpensslOpenssl0.9.7*******
    2.3ApplicationOpensslOpenssl0.9.7a*******

Vulnerable Software List

VendorProductVersions
Openssl Openssl 0.9.6, 0.9.6a, 0.9.6b, 0.9.6c, 0.9.6d, 0.9.6e, 0.9.6g, 0.9.6h, 0.9.6i, 0.9.7, 0.9.7a

References

NameSourceURLTags
NetBSD-SA2003-007ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.ascNETBSD
CSSA-2003-014.0ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txtCALDERA
20030501-01-Iftp://patches.sgi.com/support/free/security/advisories/20030501-01-ISGI
CLA-2003:625http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625CONECTIVA
http://eprint.iacr.org/2003/052/http://eprint.iacr.org/2003/052/MISCVendor Advisory
http://lists.apple.com/mhonarc/security-announce/msg00028.htmlhttp://lists.apple.com/mhonarc/security-announce/msg00028.htmlCONFIRM
20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 paddinghttp://marc.info/?l=bugtraq&m=104811162730834&w=2BUGTRAQ
20030324 GLSA: openssl (200303-20)http://marc.info/?l=bugtraq&m=104852637112330&w=2BUGTRAQ
2003-0013http://marc.info/?l=bugtraq&m=104878215721135&w=2TRUSTIX
DSA-288http://www.debian.org/security/2003/dsa-288DEBIAN
GLSA-200303-20http://www.gentoo.org/security/en/glsa/glsa-200303-20.xmlGENTOO
VU#888801http://www.kb.cert.org/vuls/id/888801CERT-VNThird Party Advisory US Government Resource
http://www.linuxsecurity.com/advisories/immunix_advisory-3066.htmlhttp://www.linuxsecurity.com/advisories/immunix_advisory-3066.htmlMISC
MDKSA-2003:035http://www.mandriva.com/security/advisories?name=MDKSA-2003:035MANDRAKE
OpenPKG-SA-2003.026http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.htmlOPENPKG
http://www.openssl.org/news/secadv_20030319.txthttp://www.openssl.org/news/secadv_20030319.txtCONFIRM
RHSA-2003:101http://www.redhat.com/support/errata/RHSA-2003-101.htmlREDHAT
RHSA-2003:102http://www.redhat.com/support/errata/RHSA-2003-102.htmlREDHAT
IMNX-2003-7+-001-01http://www.securityfocus.com/archive/1/316577/30/25310/threadedIMMUNIX
7148http://www.securityfocus.com/bid/7148BIDPatch Vendor Advisory
ssl-premaster-information-leak(11586)https://exchange.xforce.ibmcloud.com/vulnerabilities/11586XF
SuSE-SA:2003:024https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.htmlSUSE
oval:org.mitre.oval:def:461https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461OVAL