CVE-2014-0076
Vulnerability Summary
Timeline
Description
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
CVSS Metrics
- v2.0•LOW•Score: 1.9AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.36%• Percentile: 58%
Techniques & Countermeasures
- CWE-310•Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
Affected Systems
- Unknown•OpenSSL
≤ 1.0.0l | 0.9.1c | 0.9.2b | 0.9.3 | 0.9.3a | 0.9.4 | 0.9.5 | 0.9.5:beta1 | 0.9.5:beta2 | 0.9.5a | 0.9.5a:beta1 | 0.9.5a:beta2 | 0.9.6 | 0.9.6:beta1 | 0.9.6:beta2 | 0.9.6:beta3 | 0.9.6a | 0.9.6a:beta1 | 0.9.6a:beta2 | 0.9.6a:beta3 | 0.9.6b | 0.9.6c | 0.9.6d | 0.9.6e | 0.9.6f | 0.9.6g | 0.9.6h | 0.9.6i | 0.9.6j | 0.9.6k | 0.9.6l | 0.9.6m | 0.9.7 | 0.9.7:beta1 | 0.9.7:beta2 | 0.9.7:beta3 | 0.9.7:beta4 | 0.9.7:beta5 | 0.9.7:beta6 | 0.9.7a | 0.9.7b | 0.9.7c | 0.9.7d | 0.9.7e | 0.9.7f | 0.9.7g | 0.9.7h | 0.9.7i | 0.9.7j | 0.9.7k | 0.9.7l | 0.9.7m | 0.9.8 | 0.9.8a | 0.9.8b | 0.9.8c | 0.9.8d | 0.9.8e | 0.9.8f | 0.9.8g | 0.9.8h | 0.9.8i | 0.9.8j | 0.9.8k | 0.9.8l | 0.9.8m | 0.9.8m:beta1 | 0.9.8n | 0.9.8o | 0.9.8p | 0.9.8q | 0.9.8r | 0.9.8s | 0.9.8t | 0.9.8u | 0.9.8v | 0.9.8w | 0.9.8x | 0.9.8y | 1.0.0 | 1.0.0:beta1 | 1.0.0:beta2 | 1.0.0:beta3 | 1.0.0:beta4 | 1.0.0:beta5 | 1.0.0a | 1.0.0b | 1.0.0c | 1.0.0d | 1.0.0e | 1.0.0f | 1.0.0g | 1.0.0h | 1.0.0i | 1.0.0j | 1.0.0k
References (64)
- http://www.novell.com/support/kb/doc.php?id=7015300
- http://secunia.com/advisories/59264
- http://secunia.com/advisories/59454
- http://www.securityfocus.com/bid/66363
- http://secunia.com/advisories/58492
- http://www.novell.com/support/kb/doc.php?id=7015264
- https://bugs.gentoo.org/show_bug.cgi?id=505278
- http://secunia.com/advisories/59445
- http://marc.info/?l=bugtraq&m=140266410314613&w=2
- http://www-01.ibm.com/support/docview.wss?uid=swg21676655
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- http://marc.info/?l=bugtraq&m=140317760000786&w=2
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- http://marc.info/?l=bugtraq&m=140621259019789&w=2
- http://secunia.com/advisories/59300
- http://advisories.mageia.org/MGASA-2014-0165.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
- http://secunia.com/advisories/59495
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://secunia.com/advisories/59655
- http://secunia.com/advisories/59374
- http://www-01.ibm.com/support/docview.wss?uid=swg21676501
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://marc.info/?l=bugtraq&m=140389274407904&w=2
- http://secunia.com/advisories/58939
- http://secunia.com/advisories/59514
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- http://secunia.com/advisories/59438
- http://marc.info/?l=bugtraq&m=140482916501310&w=2
- http://secunia.com/advisories/58727
- http://www.openssl.org/news/secadv_20140605.txt
- http://support.apple.com/kb/HT6443
- http://www.ubuntu.com/usn/USN-2165-1
- http://marc.info/?l=bugtraq&m=140904544427729&w=2
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
- http://marc.info/?l=bugtraq&m=140752315422991&w=2
- https://bugzilla.novell.com/show_bug.cgi?id=869945
- http://secunia.com/advisories/59040
- http://marc.info/?l=bugtraq&m=140389355508263&w=2
- http://secunia.com/advisories/59175
- http://marc.info/?l=bugtraq&m=140448122410568&w=2
- http://secunia.com/advisories/59413
- http://secunia.com/advisories/59721
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- http://secunia.com/advisories/59450
- http://secunia.com/advisories/59364
- http://www-01.ibm.com/support/docview.wss?uid=swg21676424
- http://secunia.com/advisories/60571
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- http://secunia.com/advisories/59162
- http://secunia.com/advisories/59490
- http://eprint.iacr.org/2014/140