Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-0076
Last Modified: 15 May 2015 09:59:18
Published: 25 Mar 2014 09:25:21
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-0076

Summary

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

Vulnerable Systems

Application

  • OpenSSL 0.9.1c
  • OpenSSL 0.9.2b
  • OpenSSL 0.9.3
  • OpenSSL 0.9.3a
  • OpenSSL 0.9.4
  • OpenSSL 0.9.5
  • OpenSSL 0.9.5a
  • OpenSSL 0.9.6
  • OpenSSL 0.9.6a
  • OpenSSL 0.9.6b
  • OpenSSL 0.9.6c
  • OpenSSL 0.9.6d
  • OpenSSL 0.9.6e
  • OpenSSL 0.9.6f
  • OpenSSL 0.9.6g
  • OpenSSL 0.9.6h
  • OpenSSL 0.9.6i
  • OpenSSL 0.9.6j
  • OpenSSL 0.9.6k
  • OpenSSL 0.9.6l
  • OpenSSL 0.9.6m
  • OpenSSL 0.9.7
  • OpenSSL 0.9.7a
  • OpenSSL 0.9.7b
  • OpenSSL 0.9.7c
  • OpenSSL 0.9.7d
  • OpenSSL 0.9.7e
  • OpenSSL 0.9.7f
  • OpenSSL 0.9.7g
  • OpenSSL 0.9.7h
  • OpenSSL 0.9.7i
  • OpenSSL 0.9.7j
  • OpenSSL 0.9.7k
  • OpenSSL 0.9.7l
  • OpenSSL 0.9.7m
  • OpenSSL 0.9.8
  • OpenSSL 0.9.8a
  • OpenSSL 0.9.8b
  • OpenSSL 0.9.8c
  • OpenSSL 0.9.8d
  • OpenSSL 0.9.8e
  • OpenSSL 0.9.8f
  • OpenSSL 0.9.8g
  • OpenSSL 0.9.8h
  • OpenSSL 0.9.8i
  • OpenSSL 0.9.8j
  • OpenSSL 0.9.8k
  • OpenSSL 0.9.8l
  • OpenSSL 0.9.8m
  • OpenSSL 0.9.8n
  • OpenSSL 0.9.8o
  • OpenSSL 0.9.8p
  • OpenSSL 0.9.8q
  • OpenSSL 0.9.8r
  • OpenSSL 0.9.8s
  • OpenSSL 0.9.8t
  • OpenSSL 0.9.8u
  • OpenSSL 0.9.8v
  • OpenSSL 0.9.8w
  • OpenSSL 0.9.8x
  • OpenSSL 0.9.8y
  • OpenSSL 1.0.0
  • OpenSSL 1.0.0a
  • OpenSSL 1.0.0b
  • OpenSSL 1.0.0c
  • OpenSSL 1.0.0d
  • OpenSSL 1.0.0e
  • OpenSSL 1.0.0f
  • OpenSSL 1.0.0g
  • OpenSSL 1.0.0h
  • OpenSSL 1.0.0i
  • OpenSSL 1.0.0j
  • OpenSSL 1.0.0k
  • OpenSSL 1.0.0l


References

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=869945

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=505278

CONFIRM - http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29

MISC - http://eprint.iacr.org/2014/140

CONFIRM - http://www.openssl.org/news/secadv_20140605.txt

CISCO - 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10075

BID - 66363

CONFIRM - http://www.novell.com/support/kb/doc.php?id=7015300

CONFIRM - http://www.novell.com/support/kb/doc.php?id=7015264

MANDRIVA - MDVSA-2014:067

CONFIRM - http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677828

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677695

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676655

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676424

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676419

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676062

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676035

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21673137

SECUNIA - 59721

SECUNIA - 59655

SECUNIA - 59514

SECUNIA - 59495

SECUNIA - 59490

SECUNIA - 59450

SECUNIA - 59438

SECUNIA - 59413

SECUNIA - 59300

SECUNIA - 59162

SECUNIA - 58939

SECUNIA - 58727

CONFIRM - http://advisories.mageia.org/MGASA-2014-0165.html

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=isg400001843

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=isg400001841

SECUNIA - 60571

CONFIRM - http://support.apple.com/kb/HT6443

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

MANDRIVA - MDVSA-2015:062

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676092

Related Patches

Apple 2014-09-17 Mac OS X 10.9.5 Update

Apple 2014-09-17 Mac OS X 10.9.5 Combo Update

Apple 2014-09-17 Security Update 2014-004 (Lion)

Apple 2014-09-17 Security Update 2014-004 (Mountain Lion)

Apple 2014-09-17 Security Update 2014-004 Server (Lion)

VMware VMSA-2014-0004 VMSA-2014-0005 VMware Player 6.0.2 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2014-0004 VMSA-2014-0005 VMware Workstation 10.0.2 for Windows (Update) (All Languages) (See Notes) (Rev 2)

VMware VMSA-2014-0004 VMware Fusion 6.0.3 for Mac (See Notes)


Last Updated: 27 May 2016 11:05:46