5.1

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version1.0.1
OpenSSLOpenSSL Version1.0.1 Updatebeta1
OpenSSLOpenSSL Version1.0.1 Updatebeta2
OpenSSLOpenSSL Version1.0.1 Updatebeta3
OpenSSLOpenSSL Version1.0.1a
OpenSSLOpenSSL Version1.0.1b
OpenSSLOpenSSL Version1.0.1c
OpenSSLOpenSSL Version1.0.1d
OpenSSLOpenSSL Version1.0.1e
OpenSSLOpenSSL Version1.0.1f
OpenSSLOpenSSL Version1.0.1g
OpenSSLOpenSSL Version1.0.1h
OpenSSLOpenSSL Version1.0.1i
OpenSSLOpenSSL Version1.0.1j
OpenSSLOpenSSL Version1.0.1k
OpenSSLOpenSSL Version1.0.1l
OpenSSLOpenSSL Version1.0.1m
OpenSSLOpenSSL Version1.0.1n
OpenSSLOpenSSL Version1.0.1o
OpenSSLOpenSSL Version1.0.1p
OpenSSLOpenSSL Version1.0.1q
OpenSSLOpenSSL Version1.0.1r
OpenSSLOpenSSL Version1.0.2
OpenSSLOpenSSL Version1.0.2 Updatebeta1
OpenSSLOpenSSL Version1.0.2 Updatebeta2
OpenSSLOpenSSL Version1.0.2 Updatebeta3
OpenSSLOpenSSL Version1.0.2a
OpenSSLOpenSSL Version1.0.2b
OpenSSLOpenSSL Version1.0.2c
OpenSSLOpenSSL Version1.0.2d
OpenSSLOpenSSL Version1.0.2e
OpenSSLOpenSSL Version1.0.2f
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.3.2
NodejsNode.Js SwEdition- Version >= 5.0.0 < 5.7.1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.91% 0.771
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 1.4 3.6
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05376917
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00006.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00038.html
Third Party Advisory
Mailing List
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00015.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00017.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00005.html
Third Party Advisory
Mailing List
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl
Third Party Advisory
http://www.securitytracker.com/id/1035133
Third Party Advisory
VDB Entry
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03741en_us
Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40168
Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:12.openssl.asc
Third Party Advisory
https://security.gentoo.org/glsa/201603-15
Third Party Advisory
https://www.openssl.org/news/secadv/20160301.txt
Third Party Advisory
http://openssl.org/news/secadv/20160301.txt
Vendor Advisory
http://cachebleed.info
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00029.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00030.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00036.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00055.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00019.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=145889460330120&w=2
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3500
Third Party Advisory
http://www.ubuntu.com/usn/USN-2914-1
Third Party Advisory
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=708dc2f1291e104fe4eef810bb8ffc1fae5b19c1
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05052990
Third Party Advisory