The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
http://advisories.mageia.org/MGASA-2014-0165.html
http://eprint.iacr.org/2014/140
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00007.html
http://marc.info/?l=bugtraq&m=140266410314613&w=2
http://marc.info/?l=bugtraq&m=140317760000786&w=2
http://marc.info/?l=bugtraq&m=140389274407904&w=2
http://marc.info/?l=bugtraq&m=140389355508263&w=2
http://marc.info/?l=bugtraq&m=140448122410568&w=2
http://marc.info/?l=bugtraq&m=140482916501310&w=2
http://marc.info/?l=bugtraq&m=140621259019789&w=2
http://marc.info/?l=bugtraq&m=140752315422991&w=2
http://marc.info/?l=bugtraq&m=140904544427729&w=2
http://secunia.com/advisories/58492
http://secunia.com/advisories/58727
http://secunia.com/advisories/58939
http://secunia.com/advisories/59040
http://secunia.com/advisories/59162
http://secunia.com/advisories/59175
http://secunia.com/advisories/59264
http://secunia.com/advisories/59300
http://secunia.com/advisories/59364
http://secunia.com/advisories/59374
http://secunia.com/advisories/59413
http://secunia.com/advisories/59438
http://secunia.com/advisories/59445
http://secunia.com/advisories/59450
http://secunia.com/advisories/59454
http://secunia.com/advisories/59490
http://secunia.com/advisories/59495
http://secunia.com/advisories/59514
http://secunia.com/advisories/59655
http://secunia.com/advisories/59721
http://secunia.com/advisories/60571
http://support.apple.com/kb/HT6443
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2014:067
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.novell.com/support/kb/doc.php?id=7015264
http://www.novell.com/support/kb/doc.php?id=7015300
http://www.openssl.org/news/secadv_20140605.txt
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.securityfocus.com/bid/66363
http://www.ubuntu.com/usn/USN-2165-1
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
http://www-01.ibm.com/support/docview.wss?uid=swg21673137
http://www-01.ibm.com/support/docview.wss?uid=swg21676035
http://www-01.ibm.com/support/docview.wss?uid=swg21676062
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
http://www-01.ibm.com/support/docview.wss?uid=swg21676419
http://www-01.ibm.com/support/docview.wss?uid=swg21676424
http://www-01.ibm.com/support/docview.wss?uid=swg21676501
http://www-01.ibm.com/support/docview.wss?uid=swg21676655
http://www-01.ibm.com/support/docview.wss?uid=swg21677695
http://www-01.ibm.com/support/docview.wss?uid=swg21677828
https://bugs.gentoo.org/show_bug.cgi?id=505278
https://bugzilla.novell.com/show_bug.cgi?id=869945
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
https://kc.mcafee.com/corporate/index?page=content&id=SB10075
cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions up to 1.0.0l (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144766 | IBM HTTP Server 8.0.x < 8.0.0.9 / 8.5.x < 8.5.5.3 (247195) | Nessus | Web Servers | low |
89651 | openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE) | Nessus | SuSE Local Security Checks | critical |
88991 | Cisco NX-OS OpenSSL Multiple Vulnerabilities | Nessus | CISCO | high |
88989 | Cisco IOS XE Multiple OpenSSL Vulnerabilities (CSCup22487) | Nessus | CISCO | medium |
87676 | VMware ESXi Multiple OpenSSL Vulnerabilities (VMSA-2014-0004) (Heartbleed) | Nessus | Misc. | medium |
86710 | Xerox ColorQube 8570 / 8870 Multiple Vulnerabilities (XRX15OA) | Nessus | Misc. | medium |
83620 | SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0539-1) | Nessus | SuSE Local Security Checks | medium |
83619 | SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0538-1) | Nessus | SuSE Local Security Checks | medium |
82315 | Mandriva Linux Security Advisory : openssl (MDVSA-2015:062) | Nessus | Mandriva Local Security Checks | high |
81782 | IBM Rational ClearQuest 7.1.1.x / 7.1.2.x < 7.1.2.13.01 / 8.0.0.x < 8.0.0.10.01 / 8.0.1.x < 8.0.1.3.01 OpenSSL Library Multiple Vulnerabilities (credentialed check) (Heartbleed) | Nessus | Windows | medium |
81401 | IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE) | Nessus | Web Servers | medium |
80915 | Oracle VM VirtualBox < 3.2.26 / 4.0.28 / 4.1.36 / 4.2.28 / 4.3.20 Multiple Vulnerabilities (January 2015 CPU) | Nessus | Windows | medium |
80721 | Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed) | Nessus | Solaris Local Security Checks | high |
80720 | Oracle Solaris Third-Party Patch Update : openssl (cve_2010_5298_race_conditions) | Nessus | Solaris Local Security Checks | high |
80479 | IBM Tivoli Access Manager for e-Business < 6.0.0.33 / 6.1.0.14 / 6.1.1.10 SSL Multiple Vulnerabilities | Nessus | Misc. | low |
8394 | Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004) | Nessus Network Monitor | Web Clients | critical |
77749 | Mac OS X Multiple Vulnerabilities (Security Update 2014-004) | Nessus | MacOS X Local Security Checks | critical |
77748 | Mac OS X 10.9.x < 10.9.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
77635 | EMC Documentum Content Server Multiple Vulnerabilities (ESA-2014-079) | Nessus | Windows | high |
77438 | IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities | Nessus | Web Servers | medium |
77200 | OpenSSL 'ChangeCipherSpec' MiTM Vulnerability | Nessus | Misc. | medium |
77152 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | SuSE Local Security Checks | high |
77151 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | Red Hat Local Security Checks | high |
77150 | HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities | Nessus | Windows | medium |
77020 | HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities | Nessus | Windows | medium |
76995 | IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities | Nessus | Web Servers | high |
76580 | McAfee VirusScan Enterprise for Linux Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76579 | McAfee Email Gateway OpenSSL Multiple Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76492 | Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
76491 | Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.1(5170) Multiple OpenSSL Vulnerabilities | Nessus | Windows | medium |
76490 | Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed) | Nessus | Misc. | medium |
76390 | HP Version Control Repository Manager Multiple Vulnerabilities (HPSBMU03056) | Nessus | Windows | medium |
76345 | HP System Management Homepage < 7.2.4.1 / 7.3.3.1 OpenSSL Multiple Vulnerabilities | Nessus | Web Servers | medium |
76146 | McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76145 | McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075) | Nessus | Misc. | medium |
76131 | Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL | Nessus | CISCO | medium |
76130 | Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL | Nessus | CISCO | low |
76129 | Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl) | Nessus | Windows | medium |
75310 | openSUSE Security Update : openssl (openSUSE-SU-2014:0480-1) | Nessus | SuSE Local Security Checks | low |
74363 | OpenSSL 0.9.8 < 0.9.8za Multiple Vulnerabilities | Nessus | Web Servers | medium |
74326 | OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability | Nessus | Misc. | medium |
74288 | IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux) | Nessus | General | low |
74287 | IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities | Nessus | Windows | low |
74104 | IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed) | Nessus | Windows | medium |
73917 | ESXi 5.5 < Build 1746974 / 5.5 Update 1 < Build 1746018 OpenSSL Library Multiple Vulnerabilities (remote check) (Heartbleed) | Nessus | Misc. | medium |
73896 | VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) | Nessus | Misc. | medium |
73851 | VMSA-2014-0004 : VMware product updates address OpenSSL security vulnerabilities | Nessus | VMware ESX Local Security Checks | high |
73674 | VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) | Nessus | Windows | medium |
73673 | VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed) | Nessus | General | medium |
73672 | VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) | Nessus | Windows | medium |
73671 | VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed) | Nessus | General | medium |
73670 | VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed) | Nessus | MacOS X Local Security Checks | medium |
73599 | Debian DSA-2908-1 : openssl - security update | Nessus | Debian Local Security Checks | medium |
73592 | SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9073) | Nessus | SuSE Local Security Checks | medium |
73487 | FreeBSD : OpenSSL -- Local Information Disclosure (7ccd4def-c1be-11e3-9d09-000c2980a9f3) | Nessus | FreeBSD Local Security Checks | low |
73443 | Mandriva Linux Security Advisory : openssl (MDVSA-2014:067) | Nessus | Mandriva Local Security Checks | medium |
8194 | OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed) | Nessus Network Monitor | Web Servers | medium |
73409 | Slackware 14.0 / 14.1 / current : openssl (SSA:2014-098-01) | Nessus | Slackware Local Security Checks | high |
73407 | GLSA-201404-07 : OpenSSL: Information Disclosure | Nessus | Gentoo Local Security Checks | high |
73404 | OpenSSL 1.0.1 < 1.0.1g Multiple Vulnerabilities (Heartbleed) | Nessus | Web Servers | medium |
73403 | OpenSSL 1.0.0 < 1.0.0m Multiple Vulnerabilities | Nessus | Web Servers | high |
73402 | Ubuntu 12.04 LTS / 12.10 / 13.10 : openssl vulnerabilities (USN-2165-1) | Nessus | Ubuntu Local Security Checks | high |