CVE-2014-0076

Published: 25 March 2014

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
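The defect named above is a conditional swap inside the ladder whose timing and memory accesses depend on a bit of the secret nonce. The following is an added example, not OpenSSL's code and not taken from the patches linked below: it models the per-bit swap with a small hypothetical limb array (LIMBS, swap_branching, swap_consttime and ladder_swaps_agree are all constructed names), placing the branch-based swap beside a mask-based swap whose instruction stream and access pattern are the same for either bit value.

```c
#include <stdint.h>
#include <string.h>

#define LIMBS 4  /* constructed: a small stand-in for a field element */

/* Branch-based conditional swap (the pattern to avoid): whether the
   swap runs depends on the secret bit, so the branch and the memory
   accesses it controls can be observed through a cache side channel. */
void swap_branching(uint64_t a[LIMBS], uint64_t b[LIMBS], int bit) {
    if (bit) {
        for (size_t i = 0; i < LIMBS; i++) {
            uint64_t t = a[i]; a[i] = b[i]; b[i] = t;
        }
    }
}

/* Constant-time conditional swap: derive an all-zeros or all-ones mask
   from the bit and always read and write every limb of both operands,
   so the instruction stream and access pattern do not depend on it. */
void swap_consttime(uint64_t a[LIMBS], uint64_t b[LIMBS], int bit) {
    uint64_t mask = (uint64_t)0 - (uint64_t)(bit & 1); /* 0 or ~0 */
    for (size_t i = 0; i < LIMBS; i++) {
        uint64_t t = (a[i] ^ b[i]) & mask;
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Hypothetical driver: walk an 8-bit constructed scalar (standing in for
   the nonce) through both swaps and report whether the results agree,
   i.e. the constant-time version is a drop-in replacement. */
int ladder_swaps_agree(unsigned scalar) {
    uint64_t a1[LIMBS] = {1, 2, 3, 4}, b1[LIMBS] = {5, 6, 7, 8};
    uint64_t a2[LIMBS], b2[LIMBS];
    memcpy(a2, a1, sizeof a1); memcpy(b2, b1, sizeof b1);
    for (int i = 7; i >= 0; i--) {
        int bit = (scalar >> i) & 1;
        swap_branching(a1, b1, bit);
        swap_consttime(a2, b2, bit);
    }
    return memcmp(a1, a2, sizeof a1) == 0 && memcmp(b1, b2, sizeof b1) == 0;
}

/* Helper for checking: first limb of 'a' after one constant-time swap. */
uint64_t first_limb_after_swap(int bit) {
    uint64_t a[LIMBS] = {1, 2, 3, 4}, b[LIMBS] = {5, 6, 7, 8};
    swap_consttime(a, b, bit);
    return a[0];
}
```

Equal results for every scalar show the mask-based swap computes the same thing; the difference that matters is that it performs the same instructions and memory accesses whether the bit is 0 or 1.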

Priority

Medium

Status

Package     Release    Status

openssl (Launchpad, Ubuntu, Debian)
            lucid      Not vulnerable (code not present)
            precise    Released (1.0.1-4ubuntu5.12)
            quantal    Released (1.0.1c-3ubuntu2.7)
            saucy      Released (1.0.1e-3ubuntu1.2)
            upstream   Needs triage

  Patches:
  upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4b7a4ba29cafa432fc4266fe6e59e60bc1c96332 (1.0.1)
  upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=40acdb192e035f463d3c39c23fd8a68cf54df378 (1.0.1)

openssl098 (Launchpad, Ubuntu, Debian)
            lucid      Does not exist
            precise    Not vulnerable (code not present)
            quantal    Not vulnerable (code not present)
            saucy      Not vulnerable (code not present)
            upstream   Needs triage