ID

VAR-200303-0118


CVE

CVE-2003-0131


TITLE

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Trust: 0.8

sources: CERT/CC: VU#888801

DESCRIPTION

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack.". SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key. OpenSSL In RSA Is used for the encryption algorithm, PKCS#1 Secret value shared across the session between the client and server due to inadequate version number handling in the process ) There is a vulnerability that leaks.There is a possibility of decrypting the encrypted communication content. A problem with OpenSSL may leak sensitive information. A user could abuse the response of vulnerable servers to act as an oracle. By sending a large number of adaptive attacks, the possibility exists for a remote user to create a choice of ciphertext encrypted with the private key of the server. OpenSSL Security Advisory [19 March 2003] Klima-Pokorny-Rosa attack on RSA in SSL/TLS =========================================== Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa have come up with an extension of the "Bleichenbacher attack" on RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Note that the server's RSA key is not compromised in this attack. OpenSSL releases up to 0.9.6i and 0.9.7a are vulnerable. The enclosed patch modifies SSL/TLS server behaviour to avoid the vulnerability. Security Patch -------------- The following patch can be applied to OpenSSL releases 0.9.6b up to 0.9.6i, 0.9.7, and 0.9.7a. --- s3_srvr.c 29 Nov 2002 11:31:51 -0000 1.85.2.14 +++ s3_srvr.c 19 Mar 2003 18:00:00 -0000 @@ -1447,7 +1447,7 @@ if (i != SSL_MAX_MASTER_KEY_LENGTH) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ } if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) @@ -1463,30 +1463,29 @@ (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) { al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; + /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ + + /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (https://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle" -- an alert would + * reveal that the plaintext corresponding to some ciphertext + * made up by the adversary is properly formatted except + * that the version number is wrong. To avoid such attacks, + * we should treat this just like any other decryption error. */ + p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19"; } } if (al != -1) { -#if 0 - goto f_err; -#else /* Some decryption failure -- use random value instead as countermeasure * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - */ + * (see RFC 2246, section 7.4.7.1). */ ERR_clear_error(); i = SSL_MAX_MASTER_KEY_LENGTH; p[0] = s->client_version >> 8; p[1] = s->client_version & 0xff; RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ -#endif } s->session->master_key_length= References ---------- Report "Attacking RSA-based Sessions in SSL/TLS" by V. Klima, O. Pokorny, and T. Rosa: https://eprint.iacr.org/2003/052/ The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0131 to this issue. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131 URL for this Security Advisory: https://www.openssl.org/news/secadv_20030319.txt

Trust: 2.7

sources: NVD: CVE-2003-0131 // CERT/CC: VU#888801 // JVNDB: JVNDB-2003-000095 // BID: 7148 // PACKETSTORM: 169675

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.0

vendor:apple computermodel: - scope: - version: -

Trust: 0.8

vendor:conectivamodel: - scope: - version: -

Trust: 0.8

vendor:debianmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:freebsdmodel: - scope: - version: -

Trust: 0.8

vendor:gnu tlsmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:guardian digitalmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:ingrianmodel: - scope: - version: -

Trust: 0.8

vendor:mirapointmodel: - scope: - version: -

Trust: 0.8

vendor:netbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openbsdmodel: - scope: - version: -

Trust: 0.8

vendor:openpkgmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:sgimodel: - scope: - version: -

Trust: 0.8

vendor:ssh securitymodel: - scope: - version: -

Trust: 0.8

vendor:sorceror linuxmodel: - scope: - version: -

Trust: 0.8

vendor:stonesoftmodel: - scope: - version: -

Trust: 0.8

vendor:susemodel: - scope: - version: -

Trust: 0.8

vendor:trustix secure linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wirexmodel: - scope: - version: -

Trust: 0.8

vendor:esoftmodel: - scope: - version: -

Trust: 0.8

vendor:mod sslmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:lteversion:0.9.7a

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:1.0.2.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.2

Trust: 0.8

vendor:oraclemodel:application serverscope:eqversion:9.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:8.1.7.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.0.1.4

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.2

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.3

Trust: 0.8

vendor:oraclemodel:databasescope:eqversion:9.2.0.4

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq4scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel:cobalt raqxtrscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:6.5

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.00

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.20

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.22

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:6.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:sunmodel:cobalt raq xtrscope: - version: -

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:550

Trust: 0.3

vendor:sunmodel:cobalt raqscope:eqversion:4

Trust: 0.3

vendor:sunmodel:cobalt qubescope:eqversion:3

Trust: 0.3

vendor:sgimodel:irixscope:eqversion:6.5.19

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.7

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.6

Trust: 0.3

vendor:scomodel:open serverscope:eqversion:5.0.5

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i standard editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.2

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i personal editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:oracle9i enterprise editionscope:eqversion:8.1.7

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.3

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:9.0.2

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:oraclemodel:oracle9i application server .1sscope:eqversion:1.0.2

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.2.0

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:9.0.1

Trust: 0.3

vendor:oraclemodel:http serverscope:eqversion:8.1.7

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.4

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.3

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.2

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.1

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:eqversion:0.8.0

Trust: 0.3

vendor:f5model:big-ip blade controller ptf-01scope:eqversion:4.2.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.5

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.4

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.3

Trust: 0.3

vendor:f5model:big-ipscope:eqversion:4.2

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.5

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.4

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.3

Trust: 0.3

vendor:f5model:3-dnsscope:eqversion:4.2

Trust: 0.3

vendor:computermodel:associates etrust security command centerscope:eqversion:1.0

Trust: 0.3

vendor:compaqmodel:tru64 bscope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64scope:eqversion:5.1

Trust: 0.3

vendor:compaqmodel:tru64 ascope:eqversion:5.0

Trust: 0.3

vendor:compaqmodel:tru64 gscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:tru64 fscope:eqversion:4.0

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.3

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2-2

Trust: 0.3

vendor:compaqmodel:openvms -1h2 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms -1h1 alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1-2

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:7.1

Trust: 0.3

vendor:compaqmodel:openvms vaxscope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvms alphascope:eqversion:6.2

Trust: 0.3

vendor:compaqmodel:openvmsscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.2

Trust: 0.3

vendor:opensslmodel:project openssl bscope:neversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl jscope:neversion:0.9.6

Trust: 0.3

vendor:hpmodel:hp-ux apache-based web serverscope:neversion:1.0.07.01

Trust: 0.3

vendor:hpmodel:hp-ux apache-based web serverscope:neversion:1.0.03.01

Trust: 0.3

vendor:hpmodel:apache-based web serverscope:neversion:1.3.27.02

Trust: 0.3

vendor:gnumodel:transport layer security libraryscope:neversion:0.8.5

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.2.5

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.2.5

Trust: 0.3

sources: CERT/CC: VU#888801 // BID: 7148 // JVNDB: JVNDB-2003-000095 // CNNVD: CNNVD-200303-076 // NVD: CVE-2003-0131

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0131
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#888801
value: 4.05

Trust: 0.8

NVD: CVE-2003-0131
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200303-076
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2003-0131
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#888801 // JVNDB: JVNDB-2003-000095 // CNNVD: CNNVD-200303-076 // NVD: CVE-2003-0131

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0131

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200303-076

TYPE

Design Error

Trust: 0.9

sources: BID: 7148 // CNNVD: CNNVD-200303-076

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000095

PATCH

title:HPSBUX0304-255url:http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0304-255

Trust: 0.8

title:HPSBUX0304-255url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX0304-255.html

Trust: 0.8

title:secadv_20030319url:http://www.openssl.org/news/secadv_20030319.txt

Trust: 0.8

title:RHSA-2003:101url:https://rhn.redhat.com/errata/RHSA-2003-101.html

Trust: 0.8

title:4 Apache & SSL Security 2.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq4.eng&nav=patchpage

Trust: 0.8

title:XTR Apache & SSL Security 1.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raqxtr.eng&nav=patchpage

Trust: 0.8

title:550 Apache & SSL Security 0.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&nav=patchpage

Trust: 0.8

title:TLSA-2003-22url:http://www.turbolinux.com/security/2003/TLSA-2003-22.txt

Trust: 0.8

title:#62url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf

Trust: 0.8

title:RHSA-2003:101url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-101J.html

Trust: 0.8

title:TLSA-2003-22url:http://www.turbolinux.co.jp/security/2003/TLSA-2003-22j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000095

EXTERNAL IDS

db:NVDid:CVE-2003-0131

Trust: 2.8

db:BIDid:7148

Trust: 2.7

db:CERT/CCid:VU#888801

Trust: 2.4

db:JVNDBid:JVNDB-2003-000095

Trust: 0.8

db:XFid:11586

Trust: 0.6

db:TRUSTIXid:2003-0013

Trust: 0.6

db:CALDERAid:CSSA-2003-014.0

Trust: 0.6

db:DEBIANid:DSA-288

Trust: 0.6

db:SGIid:20030501-01-I

Trust: 0.6

db:NETBSDid:NETBSD-SA2003-007

Trust: 0.6

db:OPENPKGid:OPENPKG-SA-2003.026

Trust: 0.6

db:BUGTRAQid:20030327 IMMUNIX SECURED OS 7+ OPENSSL UPDATE

Trust: 0.6

db:BUGTRAQid:20030319 [OPENSSL ADVISORY] KLIMA-POKORNY-ROSA ATTACK ON PKCS #1 V1.5 PADDING

Trust: 0.6

db:BUGTRAQid:20030324 GLSA: OPENSSL (200303-20)

Trust: 0.6

db:MANDRAKEid:MDKSA-2003:035

Trust: 0.6

db:SUSEid:SUSE-SA:2003:024

Trust: 0.6

db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:461

Trust: 0.6

db:REDHATid:RHSA-2003:102

Trust: 0.6

db:REDHATid:RHSA-2003:101

Trust: 0.6

db:GENTOOid:GLSA-200303-20

Trust: 0.6

db:CONECTIVAid:CLA-2003:625

Trust: 0.6

db:CNNVDid:CNNVD-200303-076

Trust: 0.6

db:PACKETSTORMid:169675

Trust: 0.1

sources: CERT/CC: VU#888801 // BID: 7148 // JVNDB: JVNDB-2003-000095 // PACKETSTORM: 169675 // CNNVD: CNNVD-200303-076 // NVD: CVE-2003-0131

REFERENCES

url:http://www.securityfocus.com/archive/1/316577/30/25310/threaded

Trust: 4.0

url:http://eprint.iacr.org/2003/052/

Trust: 3.8

url:http://www.openssl.org/news/secadv_20030319.txt

Trust: 3.5

url:http://www.securityfocus.com/bid/7148

Trust: 3.4

url:http://www.kb.cert.org/vuls/id/888801

Trust: 2.6

url:http://www.redhat.com/support/errata/rhsa-2003-102.html

Trust: 2.6

url:http://www.redhat.com/support/errata/rhsa-2003-101.html

Trust: 2.6

url:http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html

Trust: 2.6

url:http://www.debian.org/security/2003/dsa-288

Trust: 2.6

url:http://lists.apple.com/mhonarc/security-announce/msg00028.html

Trust: 2.6

url:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-i

Trust: 2.6

url:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2003-007.txt.asc

Trust: 2.6

url:http://www.openpkg.org/security/openpkg-sa-2003.026-openssl.html

Trust: 2.6

url:http://www.mandriva.com/security/advisories?name=mdksa-2003:035

Trust: 2.6

url:http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml

Trust: 2.6

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625

Trust: 2.6

url:ftp://ftp.sco.com/pub/security/openlinux/cssa-2003-014.0.txt

Trust: 2.6

url:http://marc.info/?l=bugtraq&m=104811162730834&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104852637112330&w=2

Trust: 2.0

url:http://marc.info/?l=bugtraq&m=104878215721135&w=2

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11586

Trust: 2.0

url:https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html

Trust: 2.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a461

Trust: 2.0

url:http://www.i.cz/en/onas/tisk7.html

Trust: 0.8

url:http://www.i.cz/en/onas/tisk8.html

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2246.txt

Trust: 0.8

url:http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf

Trust: 0.8

url:http://www.rsasecurity.com/rsalabs/pkcs1/qa.html

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc

Trust: 0.8

url:ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2408.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2409.txt

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0131

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0131

Trust: 0.8

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/11586

Trust: 0.6

url:http://www.novell.com/linux/security/advisories/2003_024_openssl.html

Trust: 0.6

url:http://www.suse.de/de/security/2003_024_openssl.html

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104878215721135&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104852637112330&w=2

Trust: 0.6

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:461

Trust: 0.6

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:http://metalink.oracle.com

Trust: 0.3

url:http://otn.oracle.com/deploy/security/pdf/2003alert62.pdf

Trust: 0.3

url:/archive/1/315632

Trust: 0.3

url:/archive/1/315884

Trust: 0.3

url:https://eprint.iacr.org/2003/052/)

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2003-0131

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2003-0131

Trust: 0.1

sources: CERT/CC: VU#888801 // BID: 7148 // JVNDB: JVNDB-2003-000095 // PACKETSTORM: 169675 // CNNVD: CNNVD-200303-076 // NVD: CVE-2003-0131

CREDITS

Discovery credited to Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa.

Trust: 0.9

sources: BID: 7148 // CNNVD: CNNVD-200303-076

SOURCES

db:CERT/CCid:VU#888801
db:BIDid:7148
db:JVNDBid:JVNDB-2003-000095
db:PACKETSTORMid:169675
db:CNNVDid:CNNVD-200303-076
db:NVDid:CVE-2003-0131

LAST UPDATE DATE

2024-11-22T22:57:13.086000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#888801date:2004-08-25T00:00:00
db:BIDid:7148date:2009-07-11T21:06:00
db:JVNDBid:JVNDB-2003-000095date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200303-076date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0131date:2024-11-20T23:44:02.030

SOURCES RELEASE DATE

db:CERT/CCid:VU#888801date:2003-04-23T00:00:00
db:BIDid:7148date:2003-03-19T00:00:00
db:JVNDBid:JVNDB-2003-000095date:2007-04-01T00:00:00
db:PACKETSTORMid:169675date:2003-03-19T12:12:12
db:CNNVDid:CNNVD-200303-076date:2003-03-24T00:00:00
db:NVDid:CVE-2003-0131date:2003-03-24T05:00:00