PT-2016-1331
Author: Daniel Genkin +2
Published: 2016-03-01
Updated: 2024-06-15
CVE-2016-0702
CVSS v3.1: 5.1 (Medium)
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.0.1 through 1.0.1s
OpenSSL versions 1.0.2 through 1.0.2g
Description
The issue lies in the MOD_EXP_CTIME_COPY_FROM_PREBUF function in OpenSSL, which does not properly account for cache-bank access times during modular exponentiation. This makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, an attack also known as "CacheBleed". The vulnerability allows attackers to recover RSA keys via a side-channel attack.
Recommendations
For OpenSSL versions 1.0.1 through 1.0.1s, update to version 1.0.1s or later.
For OpenSSL versions 1.0.2 through 1.0.2g, update to version 1.0.2g or later.
As a temporary workaround, consider restricting access to the MOD_EXP_CTIME_COPY_FROM_PREBUF function until a patch is available.
Avoid using the MOD_EXP_CTIME_COPY_FROM_PREBUF function in the affected OpenSSL versions until the issue is resolved.
Information Disclosure
Affected Products
Alt Linux
Centos
Cisco Asa
Cisco Nexus
Cisco Wls
Freebsd
Ibm Aix
Junos
Openssl
Red Hat
Suse
Ubuntu