CVE-2003-0078

Published: Sep 1, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Vendor: n/a
Product: n/a
Versions: affected, n/a

References

3945 [vdb-entry, x_refsource_OSVDB]
ssl-cbc-information-leak(11369) [vdb-entry, x_refsource_XF]
2003-0005 [vendor-advisory, x_refsource_TRUSTIX]
DSA-253 [vendor-advisory, x_refsource_DEBIAN]
RHSA-2003:205 [vendor-advisory, x_refsource_REDHAT]
ESA-20030220-005 [vendor-advisory, x_refsource_ENGARDE]
N-051 [third-party-advisory, government-resource, x_refsource_CIAC]
20030219 OpenSSL 0.9.7a and 0.9.6i released [mailing-list, x_refsource_BUGTRAQ]
RHSA-2003:104 [vendor-advisory, x_refsource_REDHAT]
6884 [vdb-entry, x_refsource_BID]
MDKSA-2003:020 [vendor-advisory, x_refsource_MANDRAKE]
CLSA-2003:570 [vendor-advisory, x_refsource_CONECTIVA]
GLSA-200302-10 [vendor-advisory, x_refsource_GENTOO]
RHSA-2003:082 [vendor-advisory, x_refsource_REDHAT]
RHSA-2003:063 [vendor-advisory, x_refsource_REDHAT]
RHSA-2003:062 [vendor-advisory, x_refsource_REDHAT]
