exploits , vulnerabilities , articles , OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability

Title	OpenSSL Montgomery Exponentiation Side-Channel Local Information Disclosure Vulnerability
Published	2007-08-01-12:00AM
Updated	2008-01-23-11:28PM
Class	Design Error
CVE	CVE-2007-3108
Remote	No
Local	Yes
Credit	The vendor disclosed this issue.
Vulnerable	VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 2.5.5 patch 2 VMWare ESX Server 2.5.4 patch 13 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 TransSoft Broker FTP Server 8.0 rPath rPath Linux 1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 OpenSSL Project OpenSSL 0.9.8 e OpenSSL Project OpenSSL 0.9.8 d OpenSSL Project OpenSSL 0.9.8 c OpenSSL Project OpenSSL 0.9.8 b OpenSSL Project OpenSSL 0.9.8 a OpenSSL Project OpenSSL 0.9.8 Gentoo Linux OpenBSD OpenBSD 4.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Foresight Linux Foresight Linux 1.1 Blue Coat Systems SGME Blue Coat Systems SGClient 0 Blue Coat Systems ProxySG 0 Blue Coat Systems ProxyAV Blue Coat Systems Blue Coat Reporter 7.1.2 Blue Coat Systems Blue Coat Reporter 7.1.1 .1 Blue Coat Systems Blue Coat Reporter 7.0 Avaya EMMC 1.021 Avaya EMMC 1.017 Avaya Communication Manager 3.0 Avaya Communication Manager Server DEFINITY Server SI/CS Avaya Communication Manager Server DEFINITY Server SI/CS Avaya Communication Manager Server S8100 Avaya Communication Manager Server S8100 Avaya Communication Manager Server S8300 Avaya Communication Manager Server S8300 Avaya Communication Manager Server S8500 Avaya Communication Manager Server S8500 Avaya Communication Manager Server S8700 Avaya Communication Manager Server S8700 Avaya CCS 3.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 3.1.4
Not Vulnerable
Code	Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: content@securitydot.net.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 14:51:37 +0000