David Brumley

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 0.9.5a through 0.9.6b **Description** The issue concerns multiple vulnerabilities in the OpenSSL package of Red Hat Linux, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by determining factors using timing differences on the number of extra reductions during Montgomery reduction and the use of different integer multiplication algorithms. **Recommendations** For versions 0.9.5a through 0.9.6b, consider disabling the use of RSA blinding by default as a temporary workaround until a patch is available. Restrict access to sensitive information and minimize the risk of exploitation by limiting remote access to the affected systems. At the moment, there is no information about a newer version that contains a fix for this vulnerability.