OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
BID:25163
Info
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
| Bugtraq ID: | 25163 |
| Class: | Design Error |
| CVE: |
CVE-2007-3108 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 01 2007 12:00AM |
| Updated: | Apr 14 2010 11:43PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
VMWare Workstation for Linux 0 VMWare Workstation 6.0.4 build 93057 VMWare Workstation 6.0.4 VMWare Workstation 6.0.3 Build 80004 VMWare Workstation 6.0.3 VMWare Workstation 6.0.2 VMWare Workstation 6.0.1 VMWare Workstation 6.0 VMWare Workstation 5.5.7 build 91707 VMWare Workstation 5.5.7 VMWare Workstation 5.5.6 Build 80404 VMWare Workstation 5.5.6 VMWare Workstation 5.5.5 VMWare Workstation 5.5.4 build 44386 VMWare Workstation 5.5.4 VMWare Workstation 5.5.3 build 42958 VMWare Workstation 5.5.3 build 34685 VMWare Workstation 5.5.1 Build 19175 VMWare Workstation 5.5.1 VMWare Workstation 5.5 VMWare Workstation 5.0 .0 build-13124 VMWare Workstation 4.5.2 VMWare Workstation 4.0.2 VMWare Workstation 4.0.1 VMWare Workstation 4.0 VMWare Workstation 3.4 VMWare Workstation 3.2.1 patch 1 VMWare Workstation 0 VMWare VirtualCenter Management Server 2 VMWare VirtualCenter client 2.0.1 VMWare VirtualCenter client 2.0 VMWare VirtualCenter client 1.4 VMWare VirtualCenter client 2.0.1 Patch 1 VMWare VirtualCenter client 1.4.1 Patch 1 VMWare VirtualCenter client 1.4.1 VMWare VirtualCenter client 1.3.1 VMWare VirtualCenter 2.0.2 VMWare VirtualCenter 2.5 Update 5 VMWare VirtualCenter 2.5 Update 2 VMWare VirtualCenter 2.5 Update 1 VMWare VirtualCenter 2.5 VMWare VirtualCenter 2.0.2 Update 5 VMWare VirtualCenter 2.0.2 Update 4 VMWare VirtualCenter 2.0.2 Update 3 VMWare VirtualCenter 2.0.2 Update 2 VMWare VirtualCenter 2.0.2 Update 1 VMWare Server for Linux 0 VMWare Server Console 1.0.5 build 80187 VMWare Server 1.0.6 build 91891 VMWare Server 1.0.6 VMWare Server 1.0.5 Build 80187 VMWare Server 1.0.5 VMWare Server 1.0.4 VMWare Server 1.0.3 VMWare Server 1.0.2 VMWare Server RC-1 VMWare Server Beta VMWare Player for Linux 0 VMWare Player 2.0.4 build 93057 VMWare Player 2.0.4 VMWare Player 2.0.3 Build 80004 VMWare Player 2.0.2 VMWare Player 2.0.1 VMWare Player 2.0 VMWare Player 1.0.7 build 91707 VMWare Player 1.0.6 Build 80404 VMWare Player 1.0.6 VMWare Player 1.0.5 VMWare Player 1.0.4 VMWare Player 1.0.3 VMWare Player 1.0.2 VMWare Player 1.0.1 Build 19317 VMWare Player VMWare Fusion 1.1.2 VMWare Fusion 1.1.1 VMWare Fusion 1.1 VMWare Fusion 1.1.2 build 87978 VMWare Fusion 1.0 VMWare ESXi Server 3.5 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 2.5.5 patch 2 VMWare ESX Server 2.5.5 VMWare ESX Server 2.5.4 patch 13 VMWare ESX Server 2.5.4 VMWare ESX Server 3.5 VMWare ACE 2.0.3 VMWare ACE 2.0.2 build 93057 VMWare ACE 2.0.2 VMWare ACE 2.0.1 VMWare ACE 2.0 VMWare ACE 1.0.5 VMWare ACE 1.0.4 VMWare ACE 1.0.3 VMWare ACE 1.0.2 Build 19206 VMWare ACE 1.0.2 VMWare ACE 1.0 VMWare ACE 1.0.5 build 79846 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 Sun Solaris 10_x86 Sun Solaris 10_sparc Sun OpenSolaris build snv_71 Sun OpenSolaris build snv_68 Sun OpenSolaris build snv_67 Sun OpenSolaris build snv_64 Sun OpenSolaris build snv_61 Sun OpenSolaris build snv_59 Sun OpenSolaris build snv_58 Sun OpenSolaris build snv_57 Sun OpenSolaris build snv_56 Sun OpenSolaris build snv_54 Sun OpenSolaris build snv_51 Sun OpenSolaris build snv_50 Sun OpenSolaris build snv_49 Sun OpenSolaris build snv_48 Sun OpenSolaris build snv_47 Sun OpenSolaris build snv_45 Sun OpenSolaris build snv_41 Sun OpenSolaris build snv_39 Sun OpenSolaris build snv_38 Sun OpenSolaris build snv_37 Sun OpenSolaris build snv_36 Sun OpenSolaris build snv_35 Sun OpenSolaris build snv_29 Sun OpenSolaris build snv_28 Sun OpenSolaris build snv_22 Sun OpenSolaris build snv_19 Sun OpenSolaris build snv_13 Sun OpenSolaris build snv_02 Sun OpenSolaris build snv_01 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenSSL Project OpenSSL 0.9.8 e OpenSSL Project OpenSSL 0.9.8 d OpenSSL Project OpenSSL 0.9.8 c OpenSSL Project OpenSSL 0.9.8 b OpenSSL Project OpenSSL 0.9.8 a OpenSSL Project OpenSSL 0.9.8 OpenBSD OpenBSD 4.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Foresight Linux Foresight Linux 1.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Blue Coat Systems SGME Blue Coat Systems SGClient 0 Blue Coat Systems ProxySG 0 Blue Coat Systems ProxyAV Blue Coat Systems Blue Coat Reporter 7.1.2 Blue Coat Systems Blue Coat Reporter 7.1.1 .1 Blue Coat Systems Blue Coat Reporter 7.0 Avaya EMMC 1.021 Avaya EMMC 1.017 Avaya Communication Manager 3.0 Avaya CCS 3.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya Aura Application Enablement Services 3.1.4 AttachmateWRQ Reflection for Secure IT 7.0 |
| Not Vulnerable: |
Sun OpenSolaris build snv_74 AttachmateWRQ Reflection for Secure IT 7.0 SP1 |
Discussion
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.
Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.
OpenSSL is prone to a local information-disclosure vulnerability because of an implementation flaw in the RSA algorithm.
Successfully exploiting this issue allows local attackers to gain access to private key information of other processes that use the affected library. Information harvested may aid in further attacks.
OpenSSL 0.9.8 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
Solution:
The vendor has committed a fix to their CVS repository. Contact the vendor for information on obtaining and applying fixes.
Please see the references for more information.
OpenSSL Project OpenSSL 0.9.8 c
OpenSSL Project OpenSSL 0.9.8
Solution:
The vendor has committed a fix to their CVS repository. Contact the vendor for information on obtaining and applying fixes.
Please see the references for more information.
OpenSSL Project OpenSSL 0.9.8 c
-
OpenSSL Project openssl - Check-in [16275]
http://cvs.openssl.org/chngview?cn=16275
OpenSSL Project OpenSSL 0.9.8
-
OpenSSL Project openssl - Check-in [16275]
http://cvs.openssl.org/chngview?cn=16275
References
OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
References:
References:
- CVE-2007-3108 Side-channel vulnerability in OpenSSL libraries (Sun)
- OpenSSL Homepage (OpenSSL)
- OpenSSL Information for VU#724968 (US-CERT)
- OPENSSL RSA KEY RECONSTRUCTION VULNERABILITY (Blue Coat)
- VMSA-2008-0013 Updated ESX packages for OpenSSL, net-snmp, perl (VMware Security Team
- ASA-2007-485 OpenSSL security update (RHSA-2007-0813) (Avaya)
- OpenBSD 4.0 release errata & patch list (OpenBSD)
- Red Hat Security Advisory RHSA-2007:0964-4 (Red Hat)
- RHSA-2007:0813-2 - openssl security update (RedHat)
- RHSA-2007:1003 Moderate: openssl security and bug fix update (Red Hat)
- Security Updates in 7.0 SP1 (Attachmate)
- Vulnerability Note VU#724968 (US-CERT)