|
|
OpenSSL Timing Attack RSA Private Key Information Disclosure Vulnerability
|
Bugtraq ID:
|
7101
|
|
Class:
|
Configuration Error
|
|
CVE:
|
CAN-2003-0147
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Mar 14 2003 12:00AM
|
|
Updated:
|
Mar 14 2003 12:00AM
|
|
Credit:
|
Discovery credited to David Brumley and Dan Boneh.
|
|
Vulnerable:
|
Van Dyke Technologies SecureCRT 4.0.4
Van Dyke Technologies SecureCRT 4.0.3
Van Dyke Technologies SecureCRT 4.0.2
Van Dyke Technologies SecureCRT 4.0.1
Van Dyke Technologies SecureCRT 3.4.8
Van Dyke Technologies SecureCRT 3.4.7
Van Dyke Technologies SecureCRT 3.4.6
Van Dyke Technologies SecureCRT 3.4.5
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
Van Dyke Technologies SecureCRT 3.4.4
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
Van Dyke Technologies SecureCRT 3.4.3
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
Van Dyke Technologies SecureCRT 3.4.2
-
Microsoft Windows 2000 Professional SP2
-
Microsoft Windows 2000 Professional SP1
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 95
-
Microsoft Windows 98
-
Microsoft Windows ME
-
Microsoft Windows NT Workstation 4.0 SP6a
-
Microsoft Windows NT Workstation 4.0 SP6
-
Microsoft Windows NT Workstation 4.0 SP5
-
Microsoft Windows NT Workstation 4.0 SP4
-
Microsoft Windows NT Workstation 4.0 SP3
-
Microsoft Windows NT Workstation 4.0 SP2
-
Microsoft Windows NT Workstation 4.0 SP1
-
Microsoft Windows NT Workstation 4.0
-
Microsoft Windows XP Home
-
Microsoft Windows XP Professional
Van Dyke Technologies SecureCRT 3.4.1
Van Dyke Technologies SecureCRT 3.4
Van Dyke Technologies SecureCRT 3.3.4
Van Dyke Technologies SecureCRT 3.3.3
Van Dyke Technologies SecureCRT 3.3.2
Van Dyke Technologies SecureCRT 3.3.1
Van Dyke Technologies SecureCRT 3.3
Van Dyke Technologies SecureCRT 3.2.2
Van Dyke Technologies SecureCRT 3.2.1
Van Dyke Technologies SecureCRT 3.2
Van Dyke Technologies SecureCRT 3.1.2
Van Dyke Technologies SecureCRT 3.1.1
Van Dyke Technologies SecureCRT 3.1
Van Dyke Technologies SecureCRT 3.0
Van Dyke Technologies SecureCRT 2.4
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 550
Sun Cobalt RaQ 4
Sun Cobalt Qube 3
Stunnel Stunnel 4.0 4
Stunnel Stunnel 4.0 3
Stunnel Stunnel 4.0 2
Stunnel Stunnel 4.0 1
Stunnel Stunnel 4.0 0
Stunnel Stunnel 3.22
Stunnel Stunnel 3.21
Stunnel Stunnel 3.19
+
RedHat Linux 7.2 ia64
+
RedHat Linux 7.2 i386
Stunnel Stunnel 3.18
Stunnel Stunnel 3.17
Stunnel Stunnel 3.16
Stunnel Stunnel 3.15
Stunnel Stunnel 3.14
-
Conectiva Linux 7.0
Stunnel Stunnel 3.13
Stunnel Stunnel 3.12
-
Microsoft Windows 2000 Professional
-
Microsoft Windows 98
-
Sun Solaris 8
-
Sun Solaris 7.0
Stunnel Stunnel 3.11
Stunnel Stunnel 3.9
Stunnel Stunnel 3.8
+
Conectiva Linux 6.0
+
Conectiva Linux 5.1
+
Conectiva Linux 5.0
+
Conectiva Linux 4.2
+
Conectiva Linux 4.1
+
Conectiva Linux 4.0 es
+
Conectiva Linux 4.0
-
Debian Linux 2.3
-
Debian Linux 2.2
-
Debian Linux 2.1
-
Debian Linux 2.0
+
EnGarde Secure Linux 1.0.1
-
FreeBSD FreeBSD 5.0
-
FreeBSD FreeBSD 4.2
-
FreeBSD FreeBSD 4.1
-
FreeBSD FreeBSD 4.0
-
OpenBSD OpenBSD 2.8
-
OpenBSD OpenBSD 2.7
-
OpenBSD OpenBSD 2.6
-
OpenBSD OpenBSD 2.5
-
OpenBSD OpenBSD 2.4
-
OpenBSD OpenBSD 2.3
-
OpenBSD OpenBSD 2.1
-
OpenBSD OpenBSD 2.0
-
RedHat Linux 7.0
-
RedHat Linux 6.0 x
-
RedHat Linux 5.0
Stunnel Stunnel 3.7
Stunnel Stunnel 3.20
+
MandrakeSoft Linux Mandrake 8.1 ia64
+
MandrakeSoft Linux Mandrake 8.1
Stunnel Stunnel 3.10
SSH Communications Security IPSEC Express Toolkit
SSH Communications Security Certificate/TLS Toolkit
SGI IRIX 6.5.19
Oracle Oracle9i Standard Edition 9.2
Oracle Oracle9i Standard Edition 9.0.1
Oracle Oracle9i Standard Edition 8.1.7
Oracle Oracle9i Personal Edition 9.2
Oracle Oracle9i Personal Edition 9.0.1
Oracle Oracle9i Personal Edition 8.1.7
Oracle Oracle9i Enterprise Edition 9.2 .0
Oracle Oracle9i Enterprise Edition 9.0.1
Oracle Oracle9i Enterprise Edition 8.1.7
Oracle Oracle9i Application Server 9.0.3
Oracle Oracle9i Application Server 9.0.2
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle9i Application Server 1.0.2 .1s
Oracle Oracle HTTP Server 9.2 .0
+
Apache Software Foundation Apache 1.3.22
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
+
Apache Software Foundation Apache 1.3.12
+
Oracle Oracle8 8.1.7
+
Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
+
Oracle Oracle8i Standard Edition 8.1.7
OpenSSL Project OpenSSL 0.9.7 a
+
Conectiva Linux 9.0
+
OpenPKG OpenPKG Current
OpenSSL Project OpenSSL 0.9.7
OpenSSL Project OpenSSL 0.9.6 i
+
HP Apache-Based Web Server 1.3.27 .01
+
HP Apache-Based Web Server 1.3.27 .00
+
HP HP-UX Apache-Based Web Server 1.0.1 .01
+
HP HP-UX Apache-Based Web Server 1.0 .07.01
+
HP HP-UX Apache-Based Web Server 1.0 .06.02
+
HP HP-UX Apache-Based Web Server 1.0 .06.01
+
HP HP-UX Apache-Based Web Server 1.0 .05.01
+
HP HP-UX Apache-Based Web Server 1.0 .04.01
+
HP HP-UX Apache-Based Web Server 1.0 .03.01
+
HP HP-UX Apache-Based Web Server 1.0 .02.01
+
HP HP-UX Apache-Based Web Server 1.0 .01
+
MandrakeSoft Corporate Server 2.1 x86_64
+
MandrakeSoft Corporate Server 2.1
+
MandrakeSoft Linux Mandrake 9.1 ppc
+
MandrakeSoft Linux Mandrake 9.1
+
MandrakeSoft Linux Mandrake 9.0
+
S.u.S.E. Linux Personal 8.2
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
OpenSSL Project OpenSSL 0.9.6 e
+
FreeBSD FreeBSD 4.6 -RELEASE
+
FreeBSD FreeBSD 4.6
OpenSSL Project OpenSSL 0.9.6 d
+
Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
+
Conectiva Linux 8.0
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
Debian Linux 3.0
+
MandrakeSoft Linux Mandrake 8.2
+
S.u.S.E. Linux 8.0 i386
+
S.u.S.E. Linux 8.0
OpenSSL Project OpenSSL 0.9.6 b
OpenSSL Project OpenSSL 0.9.6 a
+
Conectiva Linux 7.0
+
NetBSD NetBSD 1.5.3
+
NetBSD NetBSD 1.5.2
+
NetBSD NetBSD 1.5.1
+
NetBSD NetBSD 1.5
+
S.u.S.E. Linux 7.2 i386
+
S.u.S.E. Linux 7.1 sparc
+
S.u.S.E. Linux 7.1 ppc
+
S.u.S.E. Linux 7.1 alpha
+
S.u.S.E. Linux 7.1
OpenSSL Project OpenSSL 0.9.6
+
Caldera OpenLinux Server 3.1.1
+
Caldera OpenLinux Server 3.1
+
Caldera OpenLinux Workstation 3.1.1
+
Caldera OpenLinux Workstation 3.1
+
Conectiva Linux 6.0
+
EnGarde Secure Linux 1.0.1
+
HP Secure OS software for Linux 1.0
+
MandrakeSoft Linux Mandrake 8.0 ppc
+
MandrakeSoft Linux Mandrake 8.0
+
NetBSD NetBSD 1.6 beta
+
NetBSD NetBSD 1.6
+
NetBSD NetBSD 1.5.3
+
NetBSD NetBSD 1.5.2
+
NetBSD NetBSD 1.5.1
+
NetBSD NetBSD 1.5
+
OpenBSD OpenBSD 2.9
+
OpenPKG OpenPKG 1.0
+
RedHat Linux 7.3 i386
+
RedHat Linux 7.3
+
RedHat Linux 7.2 i386
+
RedHat Linux 7.2 alpha
+
RedHat Linux 7.1 i386
+
RedHat Linux 7.1 alpha
+
RedHat Linux 7.0 sparc
+
RedHat Linux 7.0 i386
+
RedHat Linux 7.0 alpha
+
Trustix Secure Linux 1.5
+
Trustix Secure Linux 1.2
+
Trustix Secure Linux 1.1
OpenPKG OpenPKG 1.2
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG Current
mod_ssl mod_ssl 2.8.14
+
Slackware Linux 9.0
Intoto iGateway 3.2
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0
GNU Transport Layer Security Library 0.8.5
GNU Transport Layer Security Library 0.8.4
GNU Transport Layer Security Library 0.8.3
GNU Transport Layer Security Library 0.8.2
GNU Transport Layer Security Library 0.8.1
GNU Transport Layer Security Library 0.8 .0
GNU libgcrypt 1.1.12
GNU libgcrypt 1.1.11
GNU libgcrypt 1.1.10
GNU libgcrypt 1.1.9
GNU libgcrypt 1.1.8
Foundry Networks Ironview
F5 BigIP 4.5
F5 BigIP 4.4
F5 BigIP 4.3
F5 BigIP 4.2
F5 BIG-IP Blade Controller 4.2.3 PTF-01
F5 3-DNS 4.5
Crypto++ Crypto++ Library 5.0
Crypto++ Crypto++ Library 4.2
Covalent Fast Start Server 3.3
Covalent Fast Start Server 3.2
Covalent Fast Start Server 3.1
Covalent Enterprise Ready Server 2.3
Covalent Enterprise Ready Server 2.2
Covalent Enterprise Ready Server 2.1
Computer Associates eTrust Security Command Center 1.0
Compaq Tru64 5.1 b
Compaq Tru64 5.1 a
Compaq Tru64 5.1
Compaq Tru64 5.0 a
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f
Compaq OpenVMS 7.3 VAX
Compaq OpenVMS 7.3 Alpha
Compaq OpenVMS 7.2.1 Alpha
Compaq OpenVMS 7.2 -2 Alpha
Compaq OpenVMS 7.2 -1H2 Alpha
Compaq OpenVMS 7.2 -1H1 Alpha
Compaq OpenVMS 7.2 VAX
Compaq OpenVMS 7.2 Alpha
Compaq OpenVMS 7.1 -2 Alpha
Compaq OpenVMS 7.1 VAX
Compaq OpenVMS 7.1 Alpha
Compaq OpenVMS 6.2 VAX
Compaq OpenVMS 6.2 Alpha
Compaq OpenVMS 6.2
|
|
|
|
Not Vulnerable:
|
Van Dyke Technologies SecureCRT 4.0.5
OpenSSL Project OpenSSL 0.9.7 b
+
OpenPKG OpenPKG 1.3
OpenSSL Project OpenSSL 0.9.6 j
OpenSSH OpenSSH 3.6.1
+
Novell Netware 6.5
HP HP-UX Apache-Based Web Server 1.0 .07.01
Crypto++ Crypto++ Library 5.1
|
|
|
