Описание
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it.
Отчет
This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates. This issue affects the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Will not fix | ||
| Red Hat Enterprise Linux 6 | openssl098e | Will not fix | ||
| Red Hat Enterprise Linux 7 | openssl098e | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | openssl | Will not fix | ||
| Red Hat Storage 2.1 | openssl | Affected | ||
| Red Hat Enterprise Linux 6 | openssl | Fixed | RHSA-2015:0066 | 21.01.2015 |
| Red Hat Enterprise Linux 7 | openssl | Fixed | RHSA-2015:0066 | 21.01.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 | Fixed | RHSA-2015:0849 | 16.04.2015 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
2.6 Low
CVSS2
Связанные уязвимости
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0. ...
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
3.7 Low
CVSS3
2.6 Low
CVSS2