CVE

Id
6907  
CVE No.
CVE-2003-0078  
Status
Entry  
Description
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."  
Phase
 
Votes
 
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
39554 6907 CVE-2003-0078 CONFIRM:http://www.openssl.org/news/secadv_20030219.txt  View
39555 6907 CVE-2003-0078 BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released  View
39556 6907 CVE-2003-0078 URL:http://marc.info/?l=bugtraq&m=104567627211904&w=2  View
39557 6907 CVE-2003-0078 CONECTIVA:CLSA-2003:570  View
39558 6907 CVE-2003-0078 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570  View
39559 6907 CVE-2003-0078 DEBIAN:DSA-253  View
39560 6907 CVE-2003-0078 URL:http://www.debian.org/security/2003/dsa-253  View
39561 6907 CVE-2003-0078 ENGARDE:ESA-20030220-005  View
39562 6907 CVE-2003-0078 URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html  View
39563 6907 CVE-2003-0078 FREEBSD:FreeBSD-SA-03:02  View
39564 6907 CVE-2003-0078 GENTOO:GLSA-200302-10  View
39565 6907 CVE-2003-0078 URL:http://marc.info/?l=bugtraq&m=104577183206905&w=2  View
39566 6907 CVE-2003-0078 REDHAT:RHSA-2003:062  View
39567 6907 CVE-2003-0078 URL:http://www.redhat.com/support/errata/RHSA-2003-062.html  View
39568 6907 CVE-2003-0078 REDHAT:RHSA-2003:063  View
39569 6907 CVE-2003-0078 URL:http://www.redhat.com/support/errata/RHSA-2003-063.html  View
39570 6907 CVE-2003-0078 REDHAT:RHSA-2003:082  View
39571 6907 CVE-2003-0078 URL:http://www.redhat.com/support/errata/RHSA-2003-082.html  View
39572 6907 CVE-2003-0078 REDHAT:RHSA-2003:104  View
39573 6907 CVE-2003-0078 URL:http://www.redhat.com/support/errata/RHSA-2003-104.html  View
39574 6907 CVE-2003-0078 REDHAT:RHSA-2003:205  View
39575 6907 CVE-2003-0078 URL:http://www.redhat.com/support/errata/RHSA-2003-205.html  View
39576 6907 CVE-2003-0078 SGI:20030501-01-I  View
39577 6907 CVE-2003-0078 URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I  View
39578 6907 CVE-2003-0078 TRUSTIX:2003-0005  View
39579 6907 CVE-2003-0078 URL:http://www.trustix.org/errata/2003/0005  View
39580 6907 CVE-2003-0078 MANDRAKE:MDKSA-2003:020  View
39581 6907 CVE-2003-0078 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020  View
39582 6907 CVE-2003-0078 NETBSD:NetBSD-SA2003-001  View
39583 6907 CVE-2003-0078 URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc  View
39584 6907 CVE-2003-0078 SUSE:SuSE-SA:2003:011  View
39585 6907 CVE-2003-0078 BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)  View
39586 6907 CVE-2003-0078 URL:http://marc.info/?l=bugtraq&m=104568426824439&w=2  View
39587 6907 CVE-2003-0078 CIAC:N-051  View
39588 6907 CVE-2003-0078 URL:http://www.ciac.org/ciac/bulletins/n-051.shtml  View
39589 6907 CVE-2003-0078 BID:6884  View
39590 6907 CVE-2003-0078 URL:http://www.securityfocus.com/bid/6884  View
39591 6907 CVE-2003-0078 XF:ssl-cbc-information-leak(11369)  View
39592 6907 CVE-2003-0078 URL:http://www.iss.net/security_center/static/11369.php  View
39593 6907 CVE-2003-0078 OSVDB:3945  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63800 JVNDB-2002-000127 hanterm-xf の DEC UDK 処理におけるサービス運用妨害 (DoS) の脆弱性 ------------ CVE-2003-0079 6907 2.1 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000127.html  View