Overview
SSL/TLS implementations that respond distinctively to an incorrect PKCS #1 v1.5 encoded SSL/TLS version number expose the premaster secret to a modified Bleichenbacher attack. An attacker could decrypt a given SSL/TLS session or forge a signature on behalf of a vulnerable application's private RSA key.
Description
Vlastimil Klíma, Ondᖞj Pokorný, and Tomáš Rosa have published a research paper describing a modified Bleichenbacher attack against RSA-based SSL/TLS applications. As in Bleichenbacher, the new attack uses side channel information from error messages and seeks to discover the premaster secret that is used as a basis for SSL/TLS session keys. The Bleichenbacher attack (CA-1998-07) is computationally feasible against RSA-based applications that use Public-Key Cryptography Standard (PKCS) #1 v1.5 and return distinctive errors when the premaster secret in the Client hello message is not properly formatted. By sending a large number of chosen ciphertexts (premaster secrets) and monitoring the applications' responses, an attacker can discover the correct premaster secret for a given SSL/TLS session. With the premaster secret for a previously captured SSL/TLS session, the attacker can generate the correct master secret and session keys and decrypt the captured session. For more information about the Bleichenbacher attack, see Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1, RSA Laboratories Bulletin Number 7, and CERT Advisory CA-1998-07. |
Impact
An attacker who is able to capture an encrypted SSL/TLS session and query the server while it is using the same private RSA key that was used for the captured session could decrypt the captured session. An attacker could also forge a signature that appeared to be from the server (section 3.4). |
Solution
Upgrade or Patch |
Manage private keys |
Vendor Information
Apple Computer Inc. Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
Apple: The patch from the OpenSSL team to fix this vulnerability is available in Mac OS X 10.2.5, and may be obtained via: http://www.info.apple.com/support/downloads.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See also: APPLE-SA-2003-04-10.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Conectiva Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see CLSA-2003:625.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have addressed this issue in DSA 288
http://www.debian.org/security/2003/dsa-288
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
F5 Networks Affected
Notified: April 18, 2003 Updated: April 18, 2003
Status
Affected
Vendor Statement
F5 Networks has released a patch for the following products and versions:
BIG-IP versions 4.2 through 4.5
3-DNS versions 4.2 through 4.5
BIG-IP Blade Controller version 4.2.3 PTF-01
Patch locations and more information can be found here:
http://tech.f5.com/home/bigip/solutions/security/sol2379.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see FreeBSD-SA-03:06.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
GNU TLS Affected
Notified: April 15, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
This issue is addressed in GnuTLS 0.8.5.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Gentoo Linux Affected
Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
<http://forums.gentoo.org/viewtopic.php?t=43402>
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Guardian Digital Inc. Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see ESA-20030320-010.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett-Packard Company Affected
Notified: April 18, 2003 Updated: April 29, 2003
Status
Affected
Vendor Statement
SOURCE: Hewlett-Packard Company HP Services Software Security Response Team
x-ref: SSRT3518, SSRT3499
At the time of writing this document, Hewlett Packard is currently investigating the potential impact to HP's released Operating System software products.
As further information becomes available HP will provide notice of the availability of any necessary patches through standard security bulletin announcements and be available from your normal HP Services support channel.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see HPSBUX0304-0255/SSRT3499.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Affected
Notified: April 18, 2003 Updated: June 17, 2003
Status
Affected
Vendor Statement
The AIX operating system does not ship with SSL. However, SSL is available for installation on AIX from the Linux Affinity Toolbox.
The Linux Affinity Toolbox contains OpenSSL 0.9.6g-3 which is not vulnerable to the issues discussed in CERT Vulnerability Note VU#888801 and any advisories which follow.
Users using an earlier version of OpenSSL should download the most recent version as soon as possible.
The Linux Affinity Toolbox is available at:
http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html
This software is offered on an "as-is" and is unwarranted.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ingrian Networks Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
Ingrian Networks has addressed the Klima-Pokorny-Rosa attack in release 2.9.0. See http://www.ingrian.com/support or your Ingrian service representative.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mirapoint Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
Mirapoint released a fix for the attack described by Klima-Pokorny-Rosa on February 21, 2003. Details of the patch that addresses this (D3_SSL) can be found on the Mirapoint secure support center.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Affected
Notified: April 18, 2003 Updated: April 21, 2003
Status
Affected
Vendor Statement
No services using SSL/TLS are enabled by default in NetBSD, however, by enabling services built with these libraries, a system could become vulnerable to the compromise.
A description and resolution procedure is available here:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
See also the list of patches included in NetBSD 1.6.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
<http://www.openbsd.org/errata32.html#kpr>
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenPKG Affected
Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see OpenPKG-SA-2003.026.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenSSL Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
This issue is addressed in OpenSSL 0.9.7b and 0.9.6j. OpenSSL has also posted an advisory that includes a patch for earlier versions.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat Inc. Affected
Notified: April 18, 2003 Updated: April 18, 2003
Status
Affected
Vendor Statement
Various Red Hat products have shipped with OpenSSL packages vulnerable to this issue. Updated OpenSSL packages that contain a backported security patch to protect against this vulnerability are available along with our advisories at the URLs below. Users of the Red Hat Network can update their systems using the 'up2date' tool.
Red Hat Linux:
http://rhn.redhat.com/errata/RHSA-2003-101.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2003-102.html
Red Hat Stronghold Web Server 4 (Cross platform):
http://rhn.redhat.com/errata/RHSA-2003-116.html
Red Hat Stronghold Web Server 3:
http://rhn.redhat.com/errata/RHSA-2003-117.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Affected
Notified: April 18, 2003 Updated: May 15, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SGI Security Advisory 20030501-01-I.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SSH Communications Security Affected
Notified: April 18, 2003 Updated: May 23, 2003
Status
Affected
Vendor Statement
SSH Communications Security Vendor statement for VU#888801
Not vulnerable products:
SSH Secure Shell for Servers (all versions)
SSH Secure Shell for Windows Servers (all versions)
SSH Secure Shell for Workstations (all versions)
The ssh1, ssh2 and ssh-agent protocols and applications are not vulnerable to the Klima-Pokorny-Rosa (KPR) attack because no error messages are reported from PKCS1 v1.5 decryption other than invalid PKCS1 padding. This implies there are no effective extensions to the Bleichenbacher attack such as the KPR attack against Secure Shell. The ssh1 and ssh-agent protocols have countermeasures against the Bleichenbacher attack and it is not applicable against ssh2.
Vulnerable products:
SSH Certificate/TLS Toolkit up to and including version 5.1.1
SSH IPSEC Express Toolkit up to and including version 5.1.1
A fix is available and has been delivered to SSH customers.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sorceror Linux Affected
Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
<http://www.securityfocus.com/archive/1/315884/2003-03-19/2003-03-25/0>
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Stonesoft Affected
Notified: April 18, 2003 Updated: June 02, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
<http://www.stonesoft.com/document/art/2949.html>
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SuSE Inc. Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SuSE-SA:2003:024.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Trustix Secure Linux Affected
Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see TSL-2003-0013.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wirex Affected
Notified: April 18, 2003 Updated: April 18, 2003
Status
Affected
Vendor Statement
A patch has been made available, for more information please see:
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-001-01
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
eSoft Affected
Notified: April 18, 2003 Updated: June 02, 2003
Status
Affected
Vendor Statement
eSoft InstaGate software prior to version 3.1.20030425 is vulnerable. Customers can upgrade to version 3.1.20030425 through SoftPak Director.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
mod_ssl Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
mod_ssl itself is not directly vulnerable. To address this vulnerability in an Apache 1.3.x/mod_ssl system, however, mod_ssl needs to be linked against a patched/updated (0.9.7b/0.9.6j) version of OpenSSL.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Bitvise Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Clavister Not Affected
Notified: April 18, 2003 Updated: May 23, 2003
Status
Not Affected
Vendor Statement
Clavister Firewall: Not Vulnerable
Clavister VPN Client: Not Vulnerable
The IKE protocol is not vulnerable to the Klima-Pokorny-Rosa attack, as it does not provide the necessary "clues" for the Bad Version Oracle to work with.
Even IKE with RSA encryption, which is an unusual IKE mode of operation that Clavister products does not do, should be immune to this attack.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Covalent Not Affected
Updated: April 22, 2003
Status
Not Affected
Vendor Statement
Covalent Technologies SSL implementations are NOT vulnerable to this or other variants of the Klima-Pokorny-Rosa attacks. No action by Covalent Technologies customers using Covalent SSL products is necessary.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cryptlib Not Affected
Notified: April 18, 2003 Updated: April 28, 2003
Status
Not Affected
Vendor Statement
cryptlib returns a purely boolean yes/no response to incorrect data in the RSA-encrypted premaster secret, with no specific error details provided. It is not vulnerable to the bad-version oracle attack.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreSSH Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Not Affected
Notified: April 18, 2003 Updated: June 02, 2003
Status
Not Affected
Vendor Statement
Fujitsu's UXP/V o.s. is not affected by the problem in VU#888801 because it does not support the RSA-based SSL/TLS.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
GNU Libgcrypt Not Affected
Updated: April 22, 2003
Status
Not Affected
Vendor Statement
Libgcrypt only recently provides pkcs#1 creation within the library but there is no pkcs#1 parsing yet implemented. So Libgcrypt itself is too dumb to be affected. GnuPG is not affected because it is a store and forward system and not easily usable in an online setting.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
GNU adns Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
GNU glibc Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
...glibc doesn't do RSA.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hitachi Not Affected
Notified: April 18, 2003 Updated: May 21, 2003
Status
Not Affected
Vendor Statement
Hitachi Web Server is NOT Vulnerable to this issue.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IP Filter Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
KAME Project Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The KAME IKE daemon (racoon) does not support the "Authenticated With Public Key Encryption" exchange methods.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MacSSH Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Netfilter Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
The netfilter/iptables subsystem of the linux kernel is not affected, since it doesn't include any SSL/TLS support.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenSSH Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
PuTTY Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
PuTTY cannot be vulnerable to any attack of this type in the SSH1 transport layer, since it is an SSH client only and the RSA decryption is done in the server. An SSH agent could feasibly be vulnerable if it reported SSH_AGENT_FAILURE in response to PKCS encoding errors, but PuTTY's agent implementation (Pageant) will never do this, so it is believed safe.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
RSA Security Not Affected
Notified: April 18, 2003 Updated: May 21, 2003
Status
Not Affected
Vendor Statement
RSA BSAFE SSL-C (all versions) SSLv3 and TLSv1 implementations are not vulnerable to the Klima-Pokorny-Rosa attack.
RSA BSAFE SSL-J SSLv3 and TLSv1 implementations are not vulnerable to the Klima-Pokorny-Rosa attack.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TTSSH/TeraTerm Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
TTSSH is not vulnerable because there is no way to get TTSSH to perform a large number of RSA operations automatically. We perform one or two RSA operations each time the user connects to the server, and every server connection requires user interaction.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
VanDyke Software Inc. Not Affected
Notified: April 18, 2003 Updated: May 27, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
WinSCP Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
djbdns Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
lsh Not Affected
Notified: April 18, 2003 Updated: April 22, 2003
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
3Com Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
AT&T Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Alcatel Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apache Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apache-SSL Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Avaya Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
BlueCat Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
BorderWare Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Check Point Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cisco Systems Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Computer Associates Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Crypto++ Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
D-Link Systems Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Data General Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Entrust Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Extreme Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
F-Secure Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Foundry Networks Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeS/WAN Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Global Technology Associates Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ISC Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
InfoBlox Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intel Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Internet Initiative Japan (IIJ) Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Interpeak Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intersoft International Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intoto Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Juniper Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lotus Software Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lucent Technologies Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MandrakeSoft Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see MDKSA-2003:035.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Massachusetts Institute of Technology (MIT) Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Men&Mice Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MetaSolv Software Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Microsoft Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Multi-Tech Systems Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MultiNet Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
National Center for Supercomputing Applications (NCSA) Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
National Institute of Standards and Technology (NIST) Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetScreen Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Netcomposite Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Network Appliance Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Network Associates Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nixu Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nominum Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nortel Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Novell Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Oracle Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Pragma Systems Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Redback Networks Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Riverstone Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SafeNet Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Secure Computing Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SecureWorx Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ShadowSupport Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Symantec Corporation Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
The SCO Group Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Threshold Networks Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
WatchGuard Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems Inc. Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ZyXEL Unknown
Notified: April 18, 2003 Updated: April 22, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- http://eprint.iacr.org/2003/052/
- http://www.i.cz/en/onas/tisk7.html
- http://www.i.cz/en/onas/tisk8.html
- http://www.openssl.org/news/secadv_20030319.txt
- http://www.ietf.org/rfc/rfc2246.txt
- http://link.springer.de/link/service/series/0558/papers/1462/14620001.pdf
- http://www.rsasecurity.com/rsalabs/pkcs1/qa.html
- ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
- ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1v2.asc
- ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc
- ftp://ftp.rsasecurity.com/pub/pdfs/bulletn7.pdf
- http://www.ietf.org/rfc/rfc2408.txt
- http://www.ietf.org/rfc/rfc2409.txt
Acknowledgements
This vulnerability was researched and documented by Vlastimil Klíma, Ondᖞj Pokorný, and Tomáš Rosa.
This document was written by Art Manion.
Other Information
| CVE IDs: | CVE-2003-0131 |
| Severity Metric: | 4.05 |
| Date Public: | 2003-03-19 |
| Date First Published: | 2003-04-23 |
| Date Last Updated: | 2004-08-25 17:58 UTC |
| Document Revision: | 51 |