PT-2007-1088 · Openssl+1 · Openssl+1

Published

2007-08-08

Updated

2024-06-15

CVE-2007-3108

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8e and earlier

Description: The issue concerns a problem with Montgomery multiplication in the BN from montgomery function, potentially allowing local users to conduct a side-channel attack and retrieve RSA private keys. Additionally, there are multiple vulnerabilities in the OpenSSL package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely.

Recommendations: For OpenSSL versions 0.9.8e and earlier, update to a version later than 0.9.8e to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and RSA private keys to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-09567

CVE-2007-3108

DSA-1571-1

OPENSUSE-SU-2024:11125-1

OPENSUSE-SU-2024:11126-1

OPENSUSE-SU-2024:11127-1

RHSA-2007:0813

RHSA-2007:0964

RHSA-2007:1003

RHSA-2007_0964

RHSA-2007_1003

SUSE-FU-2022:0445-1

Affected Products

Openssl

Red Hat

PT-2007-1088 · Openssl+1 · Openssl+1

CVE-2007-3108

Weakness Enumeration

Related Identifiers

Affected Products

References · 202