CVE-2007-3108

Severity

12%

Complexity

19%

Confidentiality

48%

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

CVSS 2.0 Base Score 1.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N).

Overview

First reported 17 years ago

2007-08-08 01:17:00

Last updated 6 years ago

2018-10-16 16:47:00

Affected Software

OpenSSL Project OpenSSL

References

http://cvs.openssl.org/chngview?cn=16275

[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

http://openssl.org/news/patch-CVE-2007-3108.txt

26411

26893

27021

27078

27097

27205

27330

27770

27870

28368

30161

30220

31467

31489

31531

GLSA-200710-06

http://support.attachmate.com/techdocs/2374.html

http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability

DSA-1571

GLSA-200805-07

VU#724968

US Government Resource

http://www.kb.cert.org/vuls/id/RGII-74KLP3

MDKSA-2007:193

RHSA-2007:0813

RHSA-2007:0964

RHSA-2007:1003

20070813 FLEA-2007-0043-1 openssl

20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

25163

Patch

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

http://www.vmware.com/security/advisories/VMSA-2008-0013.html

ADV-2007-2759

ADV-2007-4010

ADV-2008-0064

ADV-2008-2361

ADV-2008-2362

ADV-2008-2396

https://issues.rpath.com/browse/RPL-1613

https://issues.rpath.com/browse/RPL-1633

oval:org.mitre.oval:def:9984

USN-522-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.