[MBT] new ticket for pkg openssl "Klima-Pokorny-Rosa attack"
bugs at pld.org.pl
bugs at pld.org.pl
Fri Mar 28 17:54:41 CET 2003
Date: 2003-03-28 17:54:39+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Klima-Pokorny-Rosa attack
Ticket ID: #625
Ticket URL: http://bugs.pld.org.pl/?bug=625
Package: openssl-1:0.9.6i-1
Distribution: PLD-1.0.updates.security
Category: unknown
Current state: opened
Text:
Quoting "CAN-2003-0131"
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."
Patch:
http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
More information about the pld-bugs
mailing list