CVE-2007-3108

Published: Aug 8, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://support.attachmate.com/techdocs/2374.html

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/RGII-74KLP3

x_refsource_CONFIRM

VU#724968

third-party-advisory

x_refsource_CERT-VN

26893

third-party-advisory

x_refsource_SECUNIA

DSA-1571

vendor-advisory

x_refsource_DEBIAN

27205

third-party-advisory

x_refsource_SECUNIA

20070813 FLEA-2007-0043-1 openssl

mailing-list

x_refsource_BUGTRAQ

27097

third-party-advisory

x_refsource_SECUNIA

ADV-2008-2362

vdb-entry

x_refsource_VUPEN

ADV-2007-2759

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:9984

vdb-entry

signature

x_refsource_OVAL

31489

third-party-advisory

x_refsource_SECUNIA

RHSA-2007:1003

vendor-advisory

x_refsource_REDHAT

31531

third-party-advisory

x_refsource_SECUNIA

MDKSA-2007:193

vendor-advisory

x_refsource_MANDRIVA

http://www.bluecoat.com/support/securityadvisories/advisory_openssl_rsa_key_reconstruction_vulnerability

x_refsource_CONFIRM

30220

third-party-advisory

x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-1633

x_refsource_CONFIRM

ADV-2007-4010

vdb-entry

x_refsource_VUPEN

20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

mailing-list

x_refsource_BUGTRAQ

27770

third-party-advisory

x_refsource_SECUNIA

[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

mailing-list

x_refsource_MLIST

26411

third-party-advisory

x_refsource_SECUNIA

USN-522-1

vendor-advisory

x_refsource_UBUNTU

http://openssl.org/news/patch-CVE-2007-3108.txt

x_refsource_CONFIRM

ADV-2008-2361

vdb-entry

x_refsource_VUPEN

31467

third-party-advisory

x_refsource_SECUNIA

RHSA-2007:0964

vendor-advisory

x_refsource_REDHAT

27870

third-party-advisory

x_refsource_SECUNIA

ADV-2008-2396

vdb-entry

x_refsource_VUPEN

27330

third-party-advisory

x_refsource_SECUNIA

30161

third-party-advisory

x_refsource_SECUNIA

GLSA-200805-07

vendor-advisory

x_refsource_GENTOO

http://www.vmware.com/security/advisories/VMSA-2008-0013.html

x_refsource_CONFIRM

28368

third-party-advisory

x_refsource_SECUNIA

http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

x_refsource_CONFIRM

27078

third-party-advisory

x_refsource_SECUNIA

GLSA-200710-06

vendor-advisory

x_refsource_GENTOO

http://cvs.openssl.org/chngview?cn=16275

x_refsource_CONFIRM

https://issues.rpath.com/browse/RPL-1613

x_refsource_CONFIRM

RHSA-2007:0813

vendor-advisory

x_refsource_REDHAT

25163

vdb-entry

x_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

x_refsource_CONFIRM

ADV-2008-0064

vdb-entry

x_refsource_VUPEN

27021

third-party-advisory

x_refsource_SECUNIA

20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-3108

Description

Affected Products

References