1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
OpenSSL is vulnerable to side-channel timing attacks. These attacks are possible because the Montgomery ladder implementation doesn’t run swap operations in constant time which makes it easier for local users to obtain ECDSA nonce values.
advisories.mageia.org/MGASA-2014-0165.html
eprint.iacr.org/2014/140
git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
marc.info/?l=bugtraq&m=140266410314613&w=2
marc.info/?l=bugtraq&m=140317760000786&w=2
marc.info/?l=bugtraq&m=140389274407904&w=2
marc.info/?l=bugtraq&m=140389355508263&w=2
marc.info/?l=bugtraq&m=140448122410568&w=2
marc.info/?l=bugtraq&m=140482916501310&w=2
marc.info/?l=bugtraq&m=140621259019789&w=2
marc.info/?l=bugtraq&m=140752315422991&w=2
marc.info/?l=bugtraq&m=140904544427729&w=2
secunia.com/advisories/58492
secunia.com/advisories/58727
secunia.com/advisories/58939
secunia.com/advisories/59040
secunia.com/advisories/59162
secunia.com/advisories/59175
secunia.com/advisories/59264
secunia.com/advisories/59300
secunia.com/advisories/59364
secunia.com/advisories/59374
secunia.com/advisories/59413
secunia.com/advisories/59438
secunia.com/advisories/59445
secunia.com/advisories/59450
secunia.com/advisories/59454
secunia.com/advisories/59490
secunia.com/advisories/59495
secunia.com/advisories/59514
secunia.com/advisories/59655
secunia.com/advisories/59721
secunia.com/advisories/60571
support.apple.com/kb/HT6443
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
www-01.ibm.com/support/docview.wss?uid=isg400001841
www-01.ibm.com/support/docview.wss?uid=isg400001843
www-01.ibm.com/support/docview.wss?uid=swg21673137
www-01.ibm.com/support/docview.wss?uid=swg21676035
www-01.ibm.com/support/docview.wss?uid=swg21676062
www-01.ibm.com/support/docview.wss?uid=swg21676092
www-01.ibm.com/support/docview.wss?uid=swg21676419
www-01.ibm.com/support/docview.wss?uid=swg21676424
www-01.ibm.com/support/docview.wss?uid=swg21676501
www-01.ibm.com/support/docview.wss?uid=swg21676655
www-01.ibm.com/support/docview.wss?uid=swg21677695
www-01.ibm.com/support/docview.wss?uid=swg21677828
www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
www.mandriva.com/security/advisories?name=MDVSA-2014:067
www.mandriva.com/security/advisories?name=MDVSA-2015:062
www.novell.com/support/kb/doc.php?id=7015264
www.novell.com/support/kb/doc.php?id=7015300
www.openssl.org/news/secadv_20140605.txt
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.securityfocus.com/bid/66363
www.ubuntu.com/usn/USN-2165-1
bugs.gentoo.org/show_bug.cgi?id=505278
bugzilla.novell.com/show_bug.cgi?id=869945
git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
kc.mcafee.com/corporate/index?page=content&id=SB10075
www.openssl.org/news/secadv/20140605.txt