Vulnerability Description
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | <= 0.9.8e |
References
- http://cvs.openssl.org/chngview?cn=16275
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://openssl.org/news/patch-CVE-2007-3108.txt
- http://secunia.com/advisories/26411
- http://secunia.com/advisories/26893
- http://secunia.com/advisories/27021
- http://secunia.com/advisories/27078
- http://secunia.com/advisories/27097
- http://secunia.com/advisories/27205
- http://secunia.com/advisories/27330
- http://secunia.com/advisories/27770
- http://secunia.com/advisories/27870
- http://secunia.com/advisories/28368
- http://secunia.com/advisories/30161
- http://secunia.com/advisories/30220
FAQ
What is CVE-2007-3108?
CVE-2007-3108 is a vulnerability with a CVSS score of 1.2 (LOW). The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack...
How severe is CVE-2007-3108?
CVE-2007-3108 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3108?
Check the references section above for vendor advisories and patch information. Affected products include OpenSSL.