CVE-2007-3108
Published: 7 August 2007
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
From the Ubuntu security team
It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes.
Priority
Status
Package | Release | Status |
---|---|---|
openssl Launchpad, Ubuntu, Debian |
dapper |
Released
(0.9.8a-7ubuntu0.4)
|
edgy |
Released
(0.9.8b-2ubuntu2.1)
|
|
feisty |
Released
(0.9.8c-4ubuntu0.1)
|
|
gutsy |
Released
(0.9.8e-5ubuntu2)
|
|
hardy |
Released
(0.9.8e-5ubuntu2)
|
|
intrepid |
Released
(0.9.8e-5ubuntu2)
|
|
jaunty |
Released
(0.9.8e-5ubuntu2)
|
|
karmic |
Released
(0.9.8e-5ubuntu2)
|
|
upstream |
Released
(0.9.8f)
|
|
openssl097 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
edgy |
Needed
(reached end-of-life)
|
|
feisty |
Needed
(reached end-of-life)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|