Hewlett-Packard Company Information for VU#997481

Cryptographic libraries and applications do not adequately defend against timing attacks

Status

Affected

Vendor Statement

SOURCE: Hewlett-Packard Company Software Security Response Team

RE: SSRT3518 - VU#997481

At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP's released Operating System software products for HP-UX, HP Tru64 UNIX and HP OpenVMS. It is however unlikely that this presents any significant threat where RSA (blinding) may be used for layered product applications.

Not Impacted: HP NonStop Servers (Atalla)

As further information becomes available HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please see HPSBUX0304-0255/SSRT3518.

If you have feedback, comments, or additional information about this vulnerability, please send us email.