exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-3108

Status Candidate

Overview

The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
SHA-256 | 0d52bd946d4c830b5f1f480535296f513bafe2d3abc811d6666cbb6fb317a087
VMware Security Advisory 2008-0013
Posted Aug 13, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.

tags | advisory, perl, vulnerability
advisories | CVE-2007-3108, CVE-2007-5135, CVE-2008-2292, CVE-2008-0960, CVE-2008-1927
SHA-256 | b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221
VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | 483d9d8f7624eaf97e973bf1a873f074836e2faa50411880fd4a74ea047d49c1
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | be7e78ccb4f20704221fb7366e2271392d4aa26ec0d833801cc6ea984541e69f
Gentoo Linux Security Advisory 200710-6
Posted Oct 9, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.

tags | advisory, crypto
systems | linux, gentoo
advisories | CVE-2006-3738, CVE-2007-3108, CVE-2007-5135
SHA-256 | 0b7f742d6f45bd21e2f630fffb548c74e417ec802f803d9f557efab7654c51fd
Mandriva Linux Security Advisory 2007.193
Posted Oct 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-3108, CVE-2007-5135
SHA-256 | e2a55a0ddfe0e74375fa35335a37ec3b8f8a492c3c7d3bbcc030dfe764c45c83
Ubuntu Security Notice 522-1
Posted Sep 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.

tags | advisory, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2007-3108, CVE-2007-5135
SHA-256 | 07593e231df1e5dc0f594139f370e808bd38529d8959b1b5b701f3d15f5be2e0
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close