| Vulnerability Name: | CVE-2000-1254 (CCN-113136) | ||||||||||||||||||||
| Assigned: | 2016-05-04 | ||||||||||||||||||||
| Published: | 2016-05-04 | ||||||||||||||||||||
| Updated: | 2017-02-02 | ||||||||||||||||||||
| Summary: | crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-310 | ||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2000-1254 Source: CCN Type: OpenSSL Project User Support Mailing List, 2000-05-29 13:46:24 64 bit problem in RSA_generate_key in 0.9.5a Source: MLIST Type: UNKNOWN [openssl-users] 20000529 64 bit problem in RSA_generate_key in 0.9.5a Source: CONFIRM Type: UNKNOWN http://www-01.ibm.com/support/docview.wss?uid=swg21995039 Source: CCN Type: IBM Security Bulletin 1985592 (Netcool/System Service Monitor) Vulnerabilities in OpenSSL affects IBM Tivoli Netcool System Service Monitors/Application Service Monitors Source: CCN Type: IBM Security Bulletin 1993061 (Sterling Connect:Express for UNIX) Multiple Vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for Unix Source: CCN Type: IBM Security Bulletin 1995039 (Security Virtual Server Protection for VMware) Vulnerabilities in OpenSSL, OpenVPN and GNU glibc affect IBM Security Virtual Server Protection for VMware Source: CCN Type: IBM Security Bulletin 1996096 (Workload Scheduler) Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler Source: CCN Type: IBM Security Bulletin 1996275 (InfoSphere Master Data Management) Multiple vulnerabilities in OpenSSL affects IBM InfoSphere Master Data Management Source: CCN Type: IBM Security Bulletin 1999649 (Cognos TM1) Multiple Security Vulnerabilities exist in IBM Cognos TM1 Source: CCN Type: IBM Security Bulletin 1999652 (Cognos Insight) Multiple Security Vulnerabilities exist in IBM Cognos Insight Source: CCN Type: IBM Security Bulletin 2002268 (Cognos Express) Multiple Security Vulnerabilities exist in IBM Cognos Express. Source: CCN Type: IBM Security Bulletin 2002374 (Tivoli Composite Application Manager for Transactions) Vulnerabilities in OpenSSL affects IBM Tivoli Composite Application Manager for Transactions (CVE-2000-1254,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,C Source: CCN Type: IBM Security Bulletin C1000213 (MobileFirst Platform Foundation) Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundation Source: MLIST Type: UNKNOWN [oss-security] 20160504 broken RSA keys Source: BID Type: UNKNOWN 90109 Source: CCN Type: BID-90109 OpenSSL CVE-2000-1254 Security Bypass Vulnerability Source: SECTRACK Type: UNKNOWN 1035750 Source: XF Type: UNKNOWN openssl-cve20001254-info-disc(113136) Source: CONFIRM Type: UNKNOWN https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb Source: CCN Type: IBM Security Bulletin S1010570 (Cisco MDS 9710 Multilayer Director) Vulnerabilities in Open Source OpenSSL affect IBM Cisco SAN switches and directors (CVE-2016-2177 CVE-2000-1254 CVE-2016-2178). Source: CCN Type: OpenSSL Web site OpenSSL | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||