Lucene search

PRIOn knowledge basePRION:CVE-2014-0076

HistoryMar 25, 2014 - 1:25 p.m.

Design/Logic Flaw

2014-03-2513:25:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

14.2%

JSON

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

CPENameOperatorVersion
openssleq0.9.7 beta5
openssleq0.9.7 beta3
openssleq0.9.5a beta2
openssleq0.9.7 beta6
openssleq0.9.898
openssleq0.9.7108
openssleq0.9.6105
openssleq0.9.8109
openssleq0.9.3
openssleq0.9.899

Name	Operator	Version
openssl	eq	0.9.7 beta5
openssl	eq	0.9.7 beta3
openssl	eq	0.9.5a beta2
openssl	eq	0.9.7 beta6
openssl	eq	0.9.898
openssl	eq	0.9.7108
openssl	eq	0.9.6105
openssl	eq	0.9.8109
openssl	eq	0.9.3
openssl	eq	0.9.899

Rows per page:

1-10 of 961

References

advisories.mageia.org/MGASA-2014-0165.html

eprint.iacr.org/2014/140

kb.juniper.net/InfoCenter/index?page=content&id=JSA10629

lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html

lists.opensuse.org/opensuse-updates/2014-04/msg00007.html

secunia.com/advisories/58492

secunia.com/advisories/58727

secunia.com/advisories/58939

secunia.com/advisories/59040

secunia.com/advisories/59162

secunia.com/advisories/59175

secunia.com/advisories/59264

secunia.com/advisories/59300

secunia.com/advisories/59364

secunia.com/advisories/59374

secunia.com/advisories/59413

secunia.com/advisories/59438

secunia.com/advisories/59445

secunia.com/advisories/59450

secunia.com/advisories/59454

secunia.com/advisories/59490

secunia.com/advisories/59495

secunia.com/advisories/59514

secunia.com/advisories/59655

secunia.com/advisories/59721

secunia.com/advisories/60571

support.apple.com/kb/HT6443

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=swg21673137

www-01.ibm.com/support/docview.wss?uid=swg21676035

www-01.ibm.com/support/docview.wss?uid=swg21676062

www-01.ibm.com/support/docview.wss?uid=swg21676092

www-01.ibm.com/support/docview.wss?uid=swg21676419

www-01.ibm.com/support/docview.wss?uid=swg21676424

www-01.ibm.com/support/docview.wss?uid=swg21676501

www-01.ibm.com/support/docview.wss?uid=swg21676655

www-01.ibm.com/support/docview.wss?uid=swg21677695

www-01.ibm.com/support/docview.wss?uid=swg21677828

www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

www.mandriva.com/security/advisories?name=MDVSA-2014:067

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.novell.com/support/kb/doc.php?id=7015264

www.novell.com/support/kb/doc.php?id=7015300

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.securityfocus.com/bid/66363

www.ubuntu.com/usn/USN-2165-1

bugs.gentoo.org/show_bug.cgi?id=505278

bugzilla.novell.com/show_bug.cgi?id=869945

git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946

kc.mcafee.com/corporate/index?page=content&id=SB10075

marc.info/?l=bugtraq&m=140266410314613&w=2

marc.info/?l=bugtraq&m=140317760000786&w=2

marc.info/?l=bugtraq&m=140389274407904&w=2

marc.info/?l=bugtraq&m=140389355508263&w=2

marc.info/?l=bugtraq&m=140448122410568&w=2

marc.info/?l=bugtraq&m=140482916501310&w=2

marc.info/?l=bugtraq&m=140621259019789&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=140904544427729&w=2

www.openssl.org/news/secadv_20140605.txt

6.4 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

14.2%

JSON

Related for PRION:CVE-2014-0076