Hewlett-Packard Company Information for VU#997481
Cryptographic libraries and applications do not adequately defend against timing attacks
- Vendor Information Help Date Notified: 11 Mar 2003
- Statement Date:
- Date Updated: 29 Apr 2003
SOURCE: Hewlett-Packard Company Software Security Response Team
RE: SSRT3518 - VU#997481
At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP's released Operating System software products for HP-UX, HP Tru64 UNIX and HP OpenVMS. It is however unlikely that this presents any significant threat where RSA (blinding) may be used for layered product applications.
Not Impacted: HP NonStop Servers (Atalla)
As further information becomes available HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.
The vendor has not provided us with any further information regarding this vulnerability.
Please see HPSBUX0304-0255/SSRT3518.
If you have feedback, comments, or additional information about this vulnerability, please send us email.