1.2 - VU#724968

Executive Summary

Summary
Title	RSA key reconstruction vulnerability

Informations
Name	VU#724968	First vendor Publication	2007-08-01
Vendor	VU-CERT	Last vendor Modification	2007-08-02
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score	1.2	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	High
Cvss Expoit Score	1.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#724968

RSA key reconstruction vulnerability

Overview

Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys.

I. Description

Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys.

OpenSSL is a widely used open source implementation of the SSL and TLS protocols. OpenSSL is based on the SSLeay library. OpenSSL provides support for the RSA encryption algorithm. Note that vendors may include a vulnerable version of OpenSSL in web servers, VPN, or other products.

II. Impact

An attacker could possibly decrypt messages that were encrypted with OpenSSL using RSA algorithm.

III. Solution

Apply a patch

OpenSSL has released a patch to address this issue. See http://openssl.org/news/patch-CVE-2007-3108.txt for more details.

Systems Affected

Vendor	Status	Date Updated
America Online, Inc.	Unknown	28-Jun-2007
Apache-SSL	Unknown	28-Jun-2007
Apache HTTP Server Project	Unknown	28-Jun-2007
Apple Computer, Inc.	Unknown	1-Aug-2007
Aruba Networks, Inc.	Unknown	28-Jun-2007
AttachmateWRQ, Inc.	Unknown	28-Jun-2007
Certicom	Unknown	28-Jun-2007
Conectiva Inc.	Unknown	1-Aug-2007
Covalent Technologies	Unknown	28-Jun-2007
Cray Inc.	Unknown	1-Aug-2007
Cryptlib	Unknown	2-Aug-2007
Crypto++ Library	Unknown	28-Jun-2007
Debian GNU/Linux	Unknown	1-Aug-2007
EMC Corporation	Unknown	1-Aug-2007
Engarde Secure Linux	Unknown	1-Aug-2007
F-Secure Corporation	Unknown	31-Jul-2007
F5 Networks, Inc.	Unknown	28-Jun-2007
Fedora Project	Unknown	1-Aug-2007
FreeBSD, Inc.	Unknown	1-Aug-2007
Fujitsu	Unknown	1-Aug-2007
Gentoo Linux	Unknown	1-Aug-2007
Hewlett-Packard Company	Unknown	1-Aug-2007
Hitachi	Unknown	1-Aug-2007
IAIK Java Group	Unknown	28-Jun-2007
IBM Corporation	Unknown	1-Aug-2007
IBM Corporation (zseries)	Unknown	1-Aug-2007
IBM eServer	Unknown	1-Aug-2007
Immunix Communications, Inc.	Unknown	1-Aug-2007
Ingrian Networks, Inc.	Unknown	28-Jun-2007
Juniper Networks, Inc.	Unknown	1-Aug-2007
Lotus Software	Unknown	28-Jun-2007
lsh	Unknown	28-Jun-2007
Mandriva, Inc.	Unknown	1-Aug-2007
Microsoft Corporation	Unknown	28-Jun-2007
Mirapoint, Inc.	Unknown	28-Jun-2007
mod_ssl	Unknown	28-Jun-2007
MontaVista Software, Inc.	Unknown	1-Aug-2007
Mozilla	Unknown	28-Jun-2007
NEC Corporation	Unknown	1-Aug-2007
NetBSD	Unknown	1-Aug-2007
Netscape NSS	Unknown	28-Jun-2007
Nokia	Unknown	28-Jun-2007
Novell, Inc.	Unknown	1-Aug-2007
OpenBSD	Unknown	1-Aug-2007
OpenSSL	Vulnerable	2-Aug-2007
Openwall GNU/*/Linux	Unknown	1-Aug-2007
QNX, Software Systems, Inc.	Unknown	1-Aug-2007
Red Hat, Inc.	Unknown	1-Aug-2007
RSA Security, Inc.	Unknown	28-Jun-2007
Silicon Graphics, Inc.	Unknown	1-Aug-2007
Slackware Linux Inc.	Unknown	1-Aug-2007
Sony Corporation	Unknown	1-Aug-2007
Spyrus	Unknown	28-Jun-2007
Stunnel	Unknown	28-Jun-2007
Sun Microsystems, Inc.	Unknown	28-Jun-2007
SUSE Linux	Unknown	1-Aug-2007
The SCO Group	Unknown	1-Aug-2007
Trustix Secure Linux	Unknown	1-Aug-2007
Turbolinux	Unknown	1-Aug-2007
Ubuntu	Unknown	1-Aug-2007
Unisys	Unknown	1-Aug-2007
Wind River Systems, Inc.	Unknown	1-Aug-2007

References

http://openssl.org/news/patch-CVE-2007-3108.txt
http://cvs.openssl.org/chngview?cn=16275
http://www.openssl.org/docs/apps/rsa.html#
http://en.wikipedia.org/wiki/Rsa

Credit

Thanks to Dr. Onur Aciicmez, Samsung Information Systems America, Samsung Electronics R&D Center, USA, and Prof. Werner Schindler, Bundesamt fÃ¼r Sicherheit in der Informationstechnik (BSI), Germany for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public
Date First Published	08/01/2007 11:03:28 AM
Date Last Updated	08/02/2007
CERT Advisory
CVE Name	CVE-2007-3108
Metric	1.77
Document Revision	19

Original Source

Url : http://www.kb.cert.org/vuls/id/724968

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20219

Oval ID:	oval:org.mitre.oval:def:20219
Title:	DSA-1571-1 openssl - predictable random number generator
Description:	Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (<a href="http://security-tracker.debian.org/tracker/CVE-2008-0166">CVE-2008-0166</a>). As a result, cryptographic key material may be guessable.
Family:	unix	Class:	patch
Reference(s):	DSA-1571-1 CVE-2008-0166 CVE-2007-4995 CVE-2007-3108	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	openssl
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND openssl DPKG is earlier than 0:0.9.8c-4etch3

Definition Id: oval:org.mitre.oval:def:7946

Oval ID:	oval:org.mitre.oval:def:7946
Title:	DSA-1571 openssl -- predictable random number generator
Description:	Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation. The first vulnerable version, 0.9.8c-1, was uploaded to the unstable distribution on 2006-09-17, and has since that date propagated to the testing and current stable (etch) distributions. The old stable distribution (sarge) is not affected. Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though. A detector for known weak key material will be published at: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz (OpenPGP signature) Instructions how to implement key rollover for various packages will be published at: http://www.debian.org/security/key-rollover/ This web site will be continuously updated to reflect new and updated instructions on key rollovers for packages using SSL certificates. Popular packages not affected will also be listed. In addition to this critical change, two other vulnerabilities have been fixed in the openssl package which were originally scheduled for release with the next etch point release: OpenSSL's DTLS (Datagram TLS, basically SSL over UDP) implementation did not actually implement the DTLS specification, but a potentially much weaker protocol, and contained a vulnerability permitting arbitrary code execution (CVE-2007-4995). A side channel attack in the integer multiplication routines is also addressed (CVE-2007-3108).
Family:	unix	Class:	patch
Reference(s):	DSA-1571 CVE-2008-0166 CVE-2007-4995 CVE-2007-3108	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	openssl
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section libssl-dev is earlier than 0.9.8c-4etch3 AND libssl0.9.8-dbg is earlier than 0.9.8c-4etch3 AND libssl0.9.8 is earlier than 0.9.8c-4etch3 AND openssl is earlier than 0.9.8c-4etch3

Definition Id: oval:org.mitre.oval:def:9984

Oval ID:	oval:org.mitre.oval:def:9984
Title:	The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Description:	The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-3108	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openssl-perl is earlier than 0:0.9.7a-33.24 AND openssl-devel is earlier than 0:0.9.7a-33.24 AND openssl is earlier than 0:0.9.7a-33.24 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openssl-perl is earlier than 0:0.9.7a-43.17.el4_6.1 AND openssl-devel is earlier than 0:0.9.7a-43.17.el4_6.1 AND openssl is earlier than 0:0.9.7a-43.17.el4_6.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openssl-perl is earlier than 0:0.9.8b-8.3.el5_0.2 AND openssl-devel is earlier than 0:0.9.8b-8.3.el5_0.2 AND openssl is earlier than 0:0.9.8b-8.3.el5_0.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openssl cpe:2.3:a:openssl:openssl:0.9.8zg:::::::* cpe:2.3:a:openssl:openssl:0.9.8zf:::::::* cpe:2.3:a:openssl:openssl:0.9.8ze:::::::* cpe:2.3:a:openssl:openssl:0.9.8zc:::::::* cpe:2.3:a:openssl:openssl:0.9.8zb:::::::* cpe:2.3:a:openssl:openssl:0.9.8za:::::::* cpe:2.3:a:openssl:openssl:0.9.8z:::::::* cpe:2.3:a:openssl:openssl:0.9.8y:::::::* cpe:2.3:a:openssl:openssl:0.9.8x:::::::* cpe:2.3:a:openssl:openssl:0.9.8w:::::::* cpe:2.3:a:openssl:openssl:0.9.8v:::::::* cpe:2.3:a:openssl:openssl:0.9.8u:::::::* cpe:2.3:a:openssl:openssl:0.9.8t:::::::* cpe:2.3:a:openssl:openssl:0.9.8s:::::::* cpe:2.3:a:openssl:openssl:0.9.8r:::::::* cpe:2.3:a:openssl:openssl:0.9.8q:::::::* cpe:2.3:a:openssl:openssl:0.9.8o:::::::* cpe:2.3:a:openssl:openssl:0.9.8n:::::::* cpe:2.3:a:openssl:openssl:0.9.8m:-:::::: cpe:2.3:a:openssl:openssl:0.9.8m:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.8l:::::::* cpe:2.3:a:openssl:openssl:0.9.8k:::::::* cpe:2.3:a:openssl:openssl:0.9.8j:::::::* cpe:2.3:a:openssl:openssl:0.9.8i:::::::* cpe:2.3:a:openssl:openssl:0.9.8h:::::::* cpe:2.3:a:openssl:openssl:0.9.8g:::::::* cpe:2.3:a:openssl:openssl:0.9.8g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f:::::::* cpe:2.3:a:openssl:openssl:0.9.8f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8f::::::x86: cpe:2.3:a:openssl:openssl:0.9.8e:::::::* cpe:2.3:a:openssl:openssl:0.9.8e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8e::::::x86: cpe:2.3:a:openssl:openssl:0.9.8d:::::::* cpe:2.3:a:openssl:openssl:0.9.8d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8d::::::x86: cpe:2.3:a:openssl:openssl:0.9.8c:::::::* cpe:2.3:a:openssl:openssl:0.9.8c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.8c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.8c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7m:::::::* cpe:2.3:a:openssl:openssl:0.9.7m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7m::::::x86: cpe:2.3:a:openssl:openssl:0.9.7l:::::::* cpe:2.3:a:openssl:openssl:0.9.7l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7l::::::x86: cpe:2.3:a:openssl:openssl:0.9.7k:::::::* cpe:2.3:a:openssl:openssl:0.9.7k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7k::::::x86: cpe:2.3:a:openssl:openssl:0.9.7j:::::::* cpe:2.3:a:openssl:openssl:0.9.7j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7j::::::x86: cpe:2.3:a:openssl:openssl:0.9.7i:::::::* cpe:2.3:a:openssl:openssl:0.9.7i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7i::::::x86: cpe:2.3:a:openssl:openssl:0.9.7h:::::::* cpe:2.3:a:openssl:openssl:0.9.7h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7h::::::x86: cpe:2.3:a:openssl:openssl:0.9.7g:::::::* cpe:2.3:a:openssl:openssl:0.9.7g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7g::::::x86: cpe:2.3:a:openssl:openssl:0.9.7f:::::::* cpe:2.3:a:openssl:openssl:0.9.7f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7f::::::x86: cpe:2.3:a:openssl:openssl:0.9.7e:::::::* cpe:2.3:a:openssl:openssl:0.9.7e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7e::::::x86: cpe:2.3:a:openssl:openssl:0.9.7d:::::::* cpe:2.3:a:openssl:openssl:0.9.7d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7d::::::x86: cpe:2.3:a:openssl:openssl:0.9.7c:::::::* cpe:2.3:a:openssl:openssl:0.9.7c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7c::::::x86: cpe:2.3:a:openssl:openssl:0.9.7b:::::::* cpe:2.3:a:openssl:openssl:0.9.7b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7b::::::x86: cpe:2.3:a:openssl:openssl:0.9.7a:::::::* cpe:2.3:a:openssl:openssl:0.9.7a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7a::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.7:-:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.7:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.7:beta6:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta5:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta4:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta6:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.7::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.7::::::x86: cpe:2.3:a:openssl:openssl:0.9.7:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta4:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta5:::::x86:* cpe:2.3:a:openssl:openssl:0.9.7:beta6:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6m:::::::* cpe:2.3:a:openssl:openssl:0.9.6m::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6m::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6m::::::x86: cpe:2.3:a:openssl:openssl:0.9.6l:::::::* cpe:2.3:a:openssl:openssl:0.9.6l::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6l::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6l::::::x86: cpe:2.3:a:openssl:openssl:0.9.6k:::::::* cpe:2.3:a:openssl:openssl:0.9.6k::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6k::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6k::::::x86: cpe:2.3:a:openssl:openssl:0.9.6j:::::::* cpe:2.3:a:openssl:openssl:0.9.6j::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6j::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6j::::::x86: cpe:2.3:a:openssl:openssl:0.9.6i:::::::* cpe:2.3:a:openssl:openssl:0.9.6i::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6i::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6i::::::x86: cpe:2.3:a:openssl:openssl:0.9.6h:::::::* cpe:2.3:a:openssl:openssl:0.9.6h:bogus:::::: cpe:2.3:a:openssl:openssl:0.9.6h::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6h::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6h::::::x86: cpe:2.3:a:openssl:openssl:0.9.6g:::::::* cpe:2.3:a:openssl:openssl:0.9.6g::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6g::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6g::::::x86: cpe:2.3:a:openssl:openssl:0.9.6f:::::::* cpe:2.3:a:openssl:openssl:0.9.6f::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6f::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6f::::::x86: cpe:2.3:a:openssl:openssl:0.9.6e:::::::* cpe:2.3:a:openssl:openssl:0.9.6e::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6e::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6e::::::x86: cpe:2.3:a:openssl:openssl:0.9.6d:-:::::: cpe:2.3:a:openssl:openssl:0.9.6d::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6d::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6d::::::x86: cpe:2.3:a:openssl:openssl:0.9.6c:::::::* cpe:2.3:a:openssl:openssl:0.9.6c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6c::::::x86: cpe:2.3:a:openssl:openssl:0.9.6b:::::::* cpe:2.3:a:openssl:openssl:0.9.6b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6b::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:-:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6a:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6a::::::x86: cpe:2.3:a:openssl:openssl:0.9.6a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6a:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.6:-:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.6:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.6:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta3:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.6::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.6::::::x86: cpe:2.3:a:openssl:openssl:0.9.6:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.6:beta3:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5a:-:::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5a::::::x86: cpe:2.3:a:openssl:openssl:0.9.5a:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5a:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::: cpe:2.3:a:openssl:openssl:0.9.5:-:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::: cpe:2.3:a:openssl:openssl:0.9.5:beta2:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta1:%7E%7E%7E%7Ex86%7E:::::* cpe:2.3:a:openssl:openssl:0.9.5::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.5:beta1:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5:beta2:~~~~x86~:::::* cpe:2.3:a:openssl:openssl:0.9.5::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.5::::::x86: cpe:2.3:a:openssl:openssl:0.9.5:beta1:::::x86:* cpe:2.3:a:openssl:openssl:0.9.5:beta2:::::x86:* cpe:2.3:a:openssl:openssl:0.9.4:::::::* cpe:2.3:a:openssl:openssl:0.9.4::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.4::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.4::::::x86: cpe:2.3:a:openssl:openssl:0.9.3a:::::::* cpe:2.3:a:openssl:openssl:0.9.3a::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3a::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3a::::::x86: cpe:2.3:a:openssl:openssl:0.9.3:-:::::: cpe:2.3:a:openssl:openssl:0.9.3::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.3::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.3::::::x86: cpe:2.3:a:openssl:openssl:0.9.2b:::::::* cpe:2.3:a:openssl:openssl:0.9.2b::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.2b::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.2b::::::x86: cpe:2.3:a:openssl:openssl:0.9.1c:::::::* cpe:2.3:a:openssl:openssl:0.9.1c::%7E%7E%7E%7Ex86%7E::::: cpe:2.3:a:openssl:openssl:0.9.1c::~~~~x86~::::: cpe:2.3:a:openssl:openssl:0.9.1c::::::x86: cpe:2.3:a:openssl:openssl:0.9.1b:::::::* cpe:2.3:a:openssl:openssl:0.9.0b:::::::* cpe:2.3:a:openssl:openssl:::::::: cpe:2.3:a:openssl:openssl:::openvms:::::* cpe:2.3:a:openssl:openssl:-:::::::*	254

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for openssl MDKSA-2007:193 (openssl) File : nvt/gb_mandriva_MDKSA_2007_193.nasl
2009-03-23	Name : Ubuntu Update for openssl vulnerabilities USN-522-1 File : nvt/gb_ubuntu_USN_522_1.nasl
2009-02-27	Name : Fedora Update for openssl FEDORA-2007-1444 File : nvt/gb_fedora_2007_1444_openssl_fc7.nasl
2009-02-27	Name : Fedora Update for openssl FEDORA-2007-2530 File : nvt/gb_fedora_2007_2530_openssl_fc7.nasl
2009-02-27	Name : Fedora Update for openssl FEDORA-2007-661 File : nvt/gb_fedora_2007_661_openssl_fc6.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200710-06 (openssl) File : nvt/glsa_200710_06.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl
2008-05-27	Name : Debian Security Advisory DSA 1571-1 (openssl) File : nvt/deb_1571_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
37055	OpenSSL crypto/bn/bn_mont.c BN_from_montgomery Function Local RSA Key Disclosure

Nessus® Vulnerability Scanner

Date	Description
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL8108.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2013-06-29	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1003.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071012_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071022_openssl_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-01-04	Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8f.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO
2008-08-20	Name : The remote SSH service is affected by multiple vulnerabilities. File : attachmate_reflection_70_sp1.nasl - Type : ACT_GATHER_INFO
2008-05-13	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO
2007-11-16	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1003.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-522-1.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Fedora host is missing a security update. File : fedora_2007-1444.nasl - Type : ACT_GATHER_INFO
2007-10-25	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2007-10-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2007-10-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2007-10-09	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-193.nasl - Type : ACT_GATHER_INFO
2007-10-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-06.nasl - Type : ACT_GATHER_INFO
2007-08-21	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-661.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2016-04-26 13:55:31	Multiple Updates
2014-02-17 12:08:08	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	3
CPE ID(s)	254
osvdb(s)	1
Openvas Exploit(s)	8
Nessus® Exploit(s)	23

	Related
1.2	CVE-2007-3108
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)