OpenSSL: ECDSA Private Key Leak (CVE-2011-1945) - Linux

OpenSSL leaks ECDSA private key through a remote timing attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

Gentoo Security Advisory GLSA 201312-03

Gentoo Linux Local Security Checks GLSA 201312-03 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues CWE-310 %NASLMINLEVEL 70300 C Tenable Network...

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues CWE-310 %NASLMINLEVEL 70300 C Tenable Network...

HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMU02764)

HP/HPE System Management Homepage SMH is prone to multiple vulnerabilities. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Mandriva Linux Security Advisory : openssl (MDVSA-2011:136)

A vulnerability was discovered and corrected in openssl : The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which...

Debian Security Advisory DSA 2309-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 2309-1. OpenVAS Vulnerability Test $Id: deb23091.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2309-1 openssl Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

[SECURITY] [DSA 2309-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2309-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 13, 2011 http://www.debian.org/security/faq -...

DSA-2309-1 openssl - compromised certificate authority

Bulletin has no description...

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7552)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues. CWE-310 %NASLMINLEVEL 70300 C Tenable Network...

SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 4662)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues. CWE-310 %NASLMINLEVEL 70300 C Tenable Network...

CVE-2011-1945

The CVE-2011-1945 entry concerns the ECC subsystem in OpenSSL 1.0.0d and earlier, where ECDSA used for the ECDHE_ECDSA cipher suite does not properly implement curves over binary fields. This weakness can enable context-dependent attackers to recover private keys via timing attacks and lattice ca...