CVE-2013-5915

Sažetak

The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA private keys.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2013-October/118758.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119014.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-October/119018.html
http://osvdb.org/98049
http://secunia.com/advisories/55084
http://www.debian.org/security/2013/dsa-2782
http://www.securityfocus.com/bid/62771
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

31-10-2013 - 03:35

Objavljeno

04-10-2013 - 17:55