SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application’s private RSA key.
Vlastimil Klíma, Ondᖞj Pokorný, and Tomáš Rosa have published a research paper describing a modified Bleichenbacher attack against RSA-based SSL/TLS applications. As in Bleichenbacher, the new attack uses side channel information from error messages and seeks to discover the premaster secret that is used as a basis for SSL/TLS session keys.
The Bleichenbacher attack (CA-1998-07) is computationally feasible against RSA-based applications that use Public-Key Cryptography Standard (PKCS) #1 v1.5 and return distinctive errors when the premaster secret in the Client hello message is not properly formatted. By sending a large number of chosen ciphertexts (premaster secrets) and monitoring the applications’ responses, an attacker can discover the correct premaster secret for a given SSL/TLS session. With the premaster secret for a previously captured SSL/TLS session, the attacker can generate the correct master secret and session keys and decrypt the captured session. For more information about the Bleichenbacher attack, see Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1, RSA Laboratories Bulletin Number 7, and CERT Advisory CA-1998-07.
A widely accepted defense against the Bleichenbacher attack is for an RSA/PKCS #1 application to discard a malformed premaster secret, replace it with a random value, and proceed to generate a master secret and session keys. Since the client and server use different values for the premaster secret, they will generate different session keys, and the SSL/TLS session will fail. Note that the server must not provide a response that is distinguishable based on syntax (i.e. “Bad PKCS #1 format”) or time (i.e. sending an error message immediately after discovering that the premaster secret is malformed).
The Klíma-Pokorný-Rosa attack exploits server responses to an incorrect or unexpected SSL/TLS version number that is included as part of the premaster secret (RFC 2246 section 7.4.7.1). If a server decrypts a properly formatted PKCS #1 premaster secret and discovers that the SSL/TLS version number is not what was expected, the server may immediately send an error message (“Bad SSL/TLS version number”). The authors term a server that exhibits this behavior a “bad version oracle (BVO).” Instead of using an error response to improper PKCS #1 formatting, this new attack uses an error response to an incorrect SSL/TLS version number. Klíma-Pokorný-Rosa have also introduced some optimizations to the Bleichenbacher attack, partly due to the SSL/TLS standard only using a subset of the PKCS #1 v1.5 format (section 3.2). This allows an attacker to search less space for the correct premaster secret.
This attack is feasible using widely available hardware. Under ideal laboratory conditions (100Mbps closed network, unloaded server with 2 X Pentium III 1.4GHz CPUs and 1 GB of RAM, Red Hat Linux 7.2, Apache 1.3.27/mod_ssl), the median time required for a successful attack is around 54.7 hours (~13 million guesses).
Since the SSL/TLS version number is a protocol-specific extension of the PKCS #1 format, other applications that use RSA/PKCS #1 to exchange keying information are not vulnerable to this attack. In particular, SSH1 using RSA only encrypts a session key. No version or other information is included. IKE authenticated with public key encryption is further protected by an ephemeral Diffe-Hellman exchange. For specific vendor information, see the Systems Affected section below.
An attacker who is able to capture an encrypted SSL/TLS session and query the server while it is using the same private RSA key that was used for the captured session could decrypt the captured session. An attacker could also forge a signature that appeared to be from the server (section 3.4).
Upgrade or Patch
Upgrade or apply a patch as specified by your vendor. In order to defeat this specific attack, an SSL/TLS server must not respond distinctively when a premaster secret sent by the client contains an incorrect or unexpected SSL/TLS version number. The paper recommends that an SSL/TLS server always replace the client-provided version number with the expected version number as determined from either the Client hello or Server hello messages (section 6.2).
Manage private keys
Use different private keys for different applications and servers and change keys as appropriate for your site and security policy. An attacker cannot decrypt a premaster secret encrypted with one RSA key by querying a server that uses a different key.
Monitor SSL/TLS applications and servers
Monitor RSA applications and servers for signs of attack. In the case of an attack against SSL/TLS web servers, logs may show a relatively high number of network connections and failed attempts to establish SSL/TLS sessions. Depending on baseline performance, servers may show increased CPU usage or an above average number of network connections.
888801
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 18, 2003 Updated: April 22, 2003
Affected
Apple: The patch from the OpenSSL team to fix this vulnerability is available in Mac OS X 10.2.5, and may be obtained via: <http://www.info.apple.com/support/downloads.html>
The vendor has not provided us with any further information regarding this vulnerability.
See also: APPLE-SA-2003-04-10.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see CLSA-2003:625.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have addressed this issue in DSA 288
<http://www.debian.org/security/2003/dsa-288>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 18, 2003
Affected
F5 Networks has released a patch for the following products and versions:
BIG-IP versions 4.2 through 4.5
3-DNS versions 4.2 through 4.5
BIG-IP Blade Controller version 4.2.3 PTF-01
Patch locations and more information can be found here:
<http://tech.f5.com/home/bigip/solutions/security/sol2379.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see FreeBSD-SA-03:06.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 15, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in GnuTLS 0.8.5.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
<<http://forums.gentoo.org/viewtopic.php?t=43402>>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see ESA-20030320-010.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 29, 2003
Affected
SOURCE: Hewlett-Packard Company HP Services Software Security Response Team
x-ref: SSRT3518, SSRT3499
At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP’s released Operating System software products.
As further information becomes available HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.
The vendor has not provided us with any further information regarding this vulnerability.
Please see HPSBUX0304-0255/SSRT3499.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: June 17, 2003
Affected
The AIX operating system does not ship with SSL. However, SSL is available for installation on AIX from the Linux Affinity Toolbox.
The Linux Affinity Toolbox contains OpenSSL 0.9.6g-3 which is not vulnerable to the issues discussed in CERT Vulnerability Note VU#888801 and any advisories which follow.
Users using an earlier version of OpenSSL should download the most recent version as soon as possible.
The Linux Affinity Toolbox is available at:
<http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html>
This software is offered on an “as-is” and is unwarranted.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
Ingrian Networks has addressed the Klima-Pokorny-Rosa attack in release 2.9.0. See http://www.ingrian.com/support or your Ingrian service representative.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
Mirapoint released a fix for the attack described by Klima-Pokorny-Rosa on February 21, 2003. Details of the patch that addresses this (D3_SSL) can be found on the Mirapoint secure support center.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 21, 2003
Affected
No services using SSL/TLS are enabled by default in NetBSD, however, by enabling services built with these libraries, a system could become vulnerable to the compromise.
A description and resolution procedure is available here:
<ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc>
The vendor has not provided us with any further information regarding this vulnerability.
See also the list of patches included in NetBSD 1.6.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
<<http://www.openbsd.org/errata32.html#kpr>>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see OpenPKG-SA-2003.026.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This issue is addressed in OpenSSL 0.9.7b and 0.9.6j. OpenSSL has also posted an advisory that includes a patch for earlier versions.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 18, 2003
Affected
Various Red Hat products have shipped with OpenSSL packages vulnerable to this issue. Updated OpenSSL packages that contain a backported security patch to protect against this vulnerability are available along with our advisories at the URLs below. Users of the Red Hat Network can update their systems using the ‘up2date’ tool.
Red Hat Linux:
<http://rhn.redhat.com/errata/RHSA-2003-101.html>
Red Hat Enterprise Linux:
<http://rhn.redhat.com/errata/RHSA-2003-102.html>
Red Hat Stronghold Web Server 4 (Cross platform):
<http://rhn.redhat.com/errata/RHSA-2003-116.html>
Red Hat Stronghold Web Server 3:
<http://rhn.redhat.com/errata/RHSA-2003-117.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 15, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see SGI Security Advisory 20030501-01-I.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 23, 2003
Affected
SSH Communications Security Vendor statement for VU#888801
Not vulnerable products:
SSH Secure Shell for Servers (all versions)
SSH Secure Shell for Windows Servers (all versions)
SSH Secure Shell for Workstations (all versions)
The ssh1, ssh2 and ssh-agent protocols and applications are not vulnerable to the Klima-Pokorny-Rosa (KPR) attack because no error messages are reported from PKCS1 v1.5 decryption other than invalid PKCS1 padding. This implies there are no effective extensions to the Bleichenbacher attack such as the KPR attack against Secure Shell. The ssh1 and ssh-agent protocols have countermeasures against the Bleichenbacher attack and it is not applicable against ssh2.
Vulnerable products:
SSH Certificate/TLS Toolkit up to and including version 5.1.1
SSH IPSEC Express Toolkit up to and including version 5.1.1
A fix is available and has been delivered to SSH customers.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
<<http://www.securityfocus.com/archive/1/315884/2003-03-19/2003-03-25/0>>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: June 02, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
<<http://www.stonesoft.com/document/art/2949.html>>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see SuSE-SA:2003:024.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see TSL-2003-0013.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 18, 2003
Affected
A patch has been made available, for more information please see:
<http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-001-01>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: June 02, 2003
Affected
eSoft InstaGate software prior to version 3.1.20030425 is vulnerable. Customers can upgrade to version 3.1.20030425 through SoftPak Director.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
mod_ssl itself is not directly vulnerable. To address this vulnerability in an Apache 1.3.x/mod_ssl system, however, mod_ssl needs to be linked against a patched/updated (0.9.7b/0.9.6j) version of OpenSSL.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 23, 2003
Not Affected
Clavister Firewall: Not Vulnerable
Clavister VPN Client: Not Vulnerable
The IKE protocol is not vulnerable to the Klima-Pokorny-Rosa attack, as it does not provide the necessary “clues” for the Bad Version Oracle to work with.
Even IKE with RSA encryption, which is an unusual IKE mode of operation that Clavister products does not do, should be immune to this attack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Not Affected
Covalent Technologies SSL implementations are NOT vulnerable to this or other variants of the Klima-Pokorny-Rosa attacks. No action by Covalent Technologies customers using Covalent SSL products is necessary.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 28, 2003
Not Affected
cryptlib returns a purely boolean yes/no response to incorrect data in the RSA-encrypted premaster secret, with no specific error details provided. It is not vulnerable to the bad-version oracle attack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: June 02, 2003
Not Affected
Fujitsu’s UXP/V o.s. is not affected by the problem in VU#888801 because it does not support the RSA-based SSL/TLS.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Updated: April 22, 2003
Not Affected
Libgcrypt only recently provides pkcs#1 creation within the library but there is no pkcs#1 parsing yet implemented. So Libgcrypt itself is too dumb to be affected. GnuPG is not affected because it is a store and forward system and not easily usable in an online setting.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
…glibc doesn’t do RSA.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 21, 2003
Not Affected
Hitachi Web Server is NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The KAME IKE daemon (racoon) does not support the “Authenticated With Public Key Encryption” exchange methods.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
The netfilter/iptables subsystem of the linux kernel is not affected, since it doesn’t include any SSL/TLS support.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
PuTTY cannot be vulnerable to any attack of this type in the SSH1 transport layer, since it is an SSH client only and the RSA decryption is done in the server. An SSH agent could feasibly be vulnerable if it reported SSH_AGENT_FAILURE in response to PKCS encoding errors, but PuTTY’s agent implementation (Pageant) will never do this, so it is believed safe.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 21, 2003
Not Affected
RSA BSAFE SSL-C (all versions) SSLv3 and TLSv1 implementations are not vulnerable to the Klima-Pokorny-Rosa attack.
RSA BSAFE SSL-J SSLv3 and TLSv1 implementations are not vulnerable to the Klima-Pokorny-Rosa attack.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
TTSSH is not vulnerable because there is no way to get TTSSH to perform a large number of RSA operations automatically. We perform one or two RSA operations each time the user connects to the server, and every server connection requires user interaction.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: May 27, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see MDKSA-2003:035.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
Notified: April 18, 2003 Updated: April 22, 2003
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23888801 Feedback>).
View all 118 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
This vulnerability was researched and documented by Vlastimil Klíma, Ondᖞj Pokorný, and Tomáš Rosa.
This document was written by Art Manion.
CVE IDs: | CVE-2003-0131 |
---|---|
Severity Metric: | 4.05 Date Public: |
ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc
ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
eprint.iacr.org/2003/052/
link.springer.de/link/service/series/0558/papers/1462/14620001.pdf
www.i.cz/en/onas/tisk7.html
www.i.cz/en/onas/tisk8.html
www.ietf.org/rfc/rfc2246.txt
www.ietf.org/rfc/rfc2408.txt
www.ietf.org/rfc/rfc2409.txt
www.openssl.org/news/secadv_20030319.txt
www.rsasecurity.com/rsalabs/pkcs1/qa.html