CVE-2003-0131

Severity

75%

Complexity

99%

Confidentiality

106%

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

OpenSSL Project OpenSSL

First reported 21 years ago

2003-03-24 05:00:00

Last updated 6 years ago

2018-10-19 15:29:00

Affected Software

OpenSSL Project OpenSSL 0.9.6

0.9.6

OpenSSL Project OpenSSL 0.9.6a

0.9.6a

OpenSSL Project OpenSSL 0.9.6b

0.9.6b

OpenSSL Project OpenSSL 0.9.6c

0.9.6c

OpenSSL Project OpenSSL 0.9.6d

0.9.6d

OpenSSL Project OpenSSL 0.9.6e

0.9.6e

OpenSSL Project OpenSSL 0.9.6g

0.9.6g

OpenSSL Project OpenSSL 0.9.6h

0.9.6h

OpenSSL Project OpenSSL 0.9.6i

0.9.6i

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

References

NetBSD-SA2003-007

CSSA-2003-014.0

20030501-01-I

CLA-2003:625

http://eprint.iacr.org/2003/052/

Vendor Advisory

http://lists.apple.com/mhonarc/security-announce/msg00028.html

20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding

20030324 GLSA: openssl (200303-20)

2003-0013

DSA-288

GLSA-200303-20

VU#888801

Third Party Advisory, US Government Resource

http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html

MDKSA-2003:035

OpenPKG-SA-2003.026

http://www.openssl.org/news/secadv_20030319.txt

RHSA-2003:101

RHSA-2003:102

IMNX-2003-7+-001-01

7148

Patch, Vendor Advisory

ssl-premaster-information-leak(11586)

SuSE-SA:2003:024

oval:org.mitre.oval:def:461

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.