FreeBSD : OpenSSL -- CMS and S/MIME Bleichenbacher attack (60eb344e-6eb1-11e1-8ad7-00e0815b8da8)

The OpenSSL Team reports : A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

Vulnerability in OpenSSL - CMS and S/MIME Bleichenbacher attack

A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher’s attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected, SSL/TLS applications are not affected by this issue. Found...

OpenSSL -- CMS and S/MIME Bleichenbacher attack

The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...

SSH PKCS #1 Version 1.5 Session Key Retrieval Vulnerability

Implementations of SSH version 1.5 are prone to a session key retrieval vulnerability. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

SUSE-SA:2003:024: openssl

The remote host is missing the patch for the advisory SUSE-SA:2003:024 openssl. Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL's RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing...

RHEL 2.1 : openssl (RHSA-2003:102)

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. Updated 30 May 2003 Added missing i686 packages. OpenSSL is a commercial-grade, full-featured, open source toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport...

SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension

Overview SSL/TLS implementations that respond distinctively to an incorrect PKCS 1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's...

Important: Red Hat Security Advisory: : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

CVE-2003-0131

CVE-2003-0131 (and related CVE-2003-0147) affect OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a. The issue enables remote attackers to perform an unauthorized RSA private key operation via a Klima-Pokorny-Rosa–style Bleichenbacher attack using many SSL/TLS connections with PKCS#1 v1.5 padding, lea...

CVE-2003-0131

The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that cause OpenSSL to leak...

Vulnerability in OpenSSL CVE-2003-0131

The SSL and TLS components allowed remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS 1 v1.5 padding that caused OpenSSL to leak information regarding the relationship between...

CVE-2001-0361

Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version 1.5...

CVE-2001-0361

CVE-2001-0361 affects SSH v1.5 implementations, notably OpenSSH up to 2.3.0, AppGate, and ssh-1 up to 1.2.31, when configured in certain ways. The issue enables a remote attacker to decrypt and/or alter traffic via a Bleichenbacher attack on PKCS#1 version 1.5. The connected PT security entries (...

Cryptographic Issues

Overview Affected versions of this package are vulnerable to Cryptographic Issues. Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a...

CVE-2001-0361

Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version 1.5...

PT-2001-2674 · Isc +3 · Inn2-Inews +8

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 2.3.0 ssh-1 versions prior to 1.2.31 Debian GNU/Linux affected versions not specified Description: The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including...