Vulnerability Description
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a "fault-based attack."
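The missing check named in the description (verifying the signature before handing it to the caller) is sketched below as an added Python illustration; it is not OpenSSL's code. It assumes a toy RSA key, and the `fault_window` parameter is a hypothetical test hook that flips one accumulator bit to stand in for a transient computation error.

```python
# Added illustration, not OpenSSL code. Toy RSA key built from two known
# Mersenne primes (constructed for this example; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


class FaultDetected(Exception):
    """Raised when a freshly computed signature fails self-verification."""


def fwe_pow(base, exp, mod, w=4, fault_window=None):
    """Left-to-right fixed-window exponentiation with w-bit windows.

    fault_window is a hypothetical test hook: after processing that window,
    one bit of the accumulator is flipped to model a transient hardware
    computation error.
    """
    table = [1] * (1 << w)                      # table[i] = base**i mod mod
    for i in range(1, 1 << w):
        table[i] = table[i - 1] * base % mod
    nwin = (exp.bit_length() + w - 1) // w
    acc = 1
    for k in range(nwin - 1, -1, -1):
        for _ in range(w):                      # always w squarings per window
            acc = acc * acc % mod
        acc = acc * table[(exp >> (k * w)) & ((1 << w) - 1)] % mod
        if fault_window == k:
            acc = (acc ^ (1 << 7)) % mod        # simulated single-bit error
    return acc


def sign_unchecked(m, fault_window=None):
    """Behaviour described in the CVE: the result goes straight to the caller."""
    return fwe_pow(m, D, N, fault_window=fault_window)


def sign_checked(m, fault_window=None):
    """Mitigation: verify with the public exponent before releasing."""
    sig = fwe_pow(m, D, N, fault_window=fault_window)
    if pow(sig, E, N) != m % N:
        raise FaultDetected("signature failed self-verification; withheld")
    return sig


M = 0x1234567890ABCDEF                          # constructed message representative
```

The extra public-exponent operation is cheap compared with the private-key operation, and it ensures a corrupted signature never leaves the signing code.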
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | 0.9.8i |
| Gaisler | LEON3 SoC | All versions |
| Xilinx | Virtex-II Pro FPGA | All versions |
Related Weaknesses (CWE)
References
- http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injecti
- http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
- http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
- http://www.osvdb.org/62808
- http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56750
FAQ
What is CVE-2010-0928?
CVE-2010-0928 is a vulnerability with a CVSS score of 4.0 (MEDIUM). OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signatur...
How severe is CVE-2010-0928?
CVE-2010-0928 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-0928?
Check the references section above for vendor advisories and patch information. Affected products include: OpenSSL OpenSSL, Gaisler LEON3 SoC, Xilinx Virtex-II Pro FPGA.