Oval Definition:	oval:org.mitre.oval:def:466
Revision Date: 2007-04-25 Version: 20 Title: OpenSSL No RSA Blinding Vulnerability Description: OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2003-0147 Platform(s): Red Hat Linux 9 Product(s): OpenSSL Definition Synopsis Red Hat 9 is installed AND ix86 architecture AND affected version of SSL and TLS components for OpenSSL openssl version is less than 0.9.7a-5 OR openssl-devel version is less than 0.9.7a-5 OR openssl-perl version is less than 0.9.7a-5 OR openssl096 version is less than 0.9.6-17 OR openssl096b version is less than 0.9.6b-6
BACK