OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability

Bugtraq ID:	25163
Class:	Design Error
CVE:	CVE-2007-3108
Remote:	No
Local:	Yes
Published:	Aug 01 2007 12:00AM
Updated:	Aug 25 2008 11:15PM
Credit:	The vendor disclosed this issue.
Vulnerable:	VMWare Workstation for Linux 0 VMWare Workstation 6.0.4 build 93057 VMWare Workstation 6.0.4 VMWare Workstation 6.0.3 Build 80004 VMWare Workstation 6.0.3 VMWare Workstation 6.0.2 VMWare Workstation 6.0.1 VMWare Workstation 6.0 VMWare Workstation 5.5.7 build 91707 VMWare Workstation 5.5.7 VMWare Workstation 5.5.6 Build 80404 VMWare Workstation 5.5.6 VMWare Workstation 5.5.5 VMWare Workstation 5.5.4 build 44386 VMWare Workstation 5.5.4 VMWare Workstation 5.5.3 build 42958 VMWare Workstation 5.5.3 build 34685 VMWare Workstation 4.5.2 VMWare VMWare Workstation 5.5.4 VMWare VMWare Workstation 5.5.1 Build 19175 VMWare VMWare Workstation 5.5.1 VMWare VMWare Workstation 5.5 VMWare VMWare Workstation 5.0 .0 build-13124 VMWare VMWare Workstation 4.5.2 VMWare VMWare Workstation 4.0.2 VMWare VMWare Workstation 4.0.1 VMWare VMWare Workstation 4.0 VMWare VMWare Workstation 3.4 VMWare VMWare Workstation 3.2.1 patch 1 VMWare VMWare Workstation 5.5.4 Build 44386 VMWare VMWare Workstation 0 VMWare VirtualCenter Management Server 2 VMWare VirtualCenter client 2.0.1 VMWare VirtualCenter client 2.0 VMWare VirtualCenter client 1.4 VMWare VirtualCenter client 2.0.1 Patch 1 VMWare VirtualCenter client 1.4.1 Patch 1 VMWare VirtualCenter client 1.4.1 VMWare VirtualCenter client 1.3.1 VMWare VirtualCenter 2.0.2 VMWare VirtualCenter 2.5 Update 5 VMWare VirtualCenter 2.5 Update 2 VMWare VirtualCenter 2.5 Update 1 VMWare VirtualCenter 2.5 VMWare VirtualCenter 2.0.2 Update 5 VMWare VirtualCenter 2.0.2 Update 4 VMWare VirtualCenter 2.0.2 Update 3 VMWare VirtualCenter 2.0.2 Update 2 VMWare VirtualCenter 2.0.2 Update 1 VMWare Server for Linux 0 VMWare Server Console 1.0.5 build 80187 VMWare Server 1.0.6 build 91891 VMWare Server 1.0.6 VMWare Server 1.0.5 Build 80187 VMWare Server 1.0.5 VMWare Server 1.0.4 VMWare Server 1.0.3 VMWare Server 1.0.2 VMWare Server RC-1 VMWare Server Beta VMWare Player for Linux 0 VMWare Player 2.0.4 build 93057 VMWare Player 2.0.4 VMWare Player 2.0.3 Build 80004 VMWare Player 2.0.2 VMWare Player 2.0.1 VMWare Player 2.0 VMWare Player 1.0.7 build 91707 VMWare Player 1.0.6 Build 80404 VMWare Player 1.0.6 VMWare Player 1.0.5 VMWare Player 1.0.4 VMWare Player 1.0.3 VMWare Player 1.0.2 VMWare Player 1.0.1 Build 19317 VMWare Player VMWare Fusion 1.1.2 VMWare Fusion 1.1.1 VMWare Fusion 1.1 VMWare Fusion 1.1.2 build 87978 VMWare Fusion 1.0 VMWare ESXi Server 3.5 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 2.5.5 patch 2 VMWare ESX Server 2.5.5 VMWare ESX Server 2.5.4 patch 13 VMWare ESX Server 2.5.4 VMWare ESX Server 3.5 VMWare ACE 2.0.3 VMWare ACE 2.0.2 build 93057 VMWare ACE 2.0.2 VMWare ACE 2.0.1 VMWare ACE 2.0 VMWare ACE 1.0.5 VMWare ACE 1.0.4 VMWare ACE 1.0.3 VMWare ACE 1.0.2 Build 19206 VMWare ACE 1.0.2 VMWare ACE 1.0 VMWare ACE 1.0.5 build 79846 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 TransSoft Broker FTP Server 8.0 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 OpenSSL Project OpenSSL 0.9.8 e OpenSSL Project OpenSSL 0.9.8 d OpenSSL Project OpenSSL 0.9.8 c OpenSSL Project OpenSSL 0.9.8 b OpenSSL Project OpenSSL 0.9.8 a OpenSSL Project OpenSSL 0.9.8 + Gentoo Linux OpenBSD OpenBSD 4.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Blue Coat Systems SGME Blue Coat Systems SGClient 0 Blue Coat Systems ProxySG 0 Blue Coat Systems ProxyAV Blue Coat Systems Blue Coat Reporter 7.1.2 Blue Coat Systems Blue Coat Reporter 7.1.1 .1 Blue Coat Systems Blue Coat Reporter 7.0 Avaya EMMC 1.021 Avaya EMMC 1.017 Avaya Communication Manager 3.0 Avaya CCS 3.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 3.1.4 Attachmate Reflection for Secure IT 7.0

Not Vulnerable:	Attachmate Reflection for Secure IT 7.0 SP1