MiracleLinux 9 : openssl-3.0.1-47.el9 (AXSA:2023-5192:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5192:01 advisory. openssl: read buffer overflow in X.509 certificate verification CVE-2022-4203 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

EUVD-2013-5749

Malware in sbrugna...

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...

RHEL 9 : edk2 (RHSA-2023:2165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2165 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

[ADVISORY] Timing Attack on OpenSSL

OpenSSL v0.9.7a and 0.9.6i vulnerability ---------------------------------------- Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on. Typically, it will not have been, because it is not easily possible to do so...