Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 570942 - (CVE-2010-0928) CVE-2010-0928 openssl: RSA authentication weakness
CVE-2010-0928 openssl: RSA authentication weakness
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=low,source=internet,reported=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-03-05 16:52 EST by Vincent Danen
Modified: 2015-07-29 09:41 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-11-06 01:49:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Vincent Danen 2010-03-05 16:52:54 EST 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0928 to
the following vulnerability:

Name: CVE-2010-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0928
Assigned: 20100305
Reference: MISC: http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
Reference: MISC: http://www.networkworld.com/news/2010/030410-rsa-security-attack.html

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx
Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm
for certain signature calculations, and does not verify the signature
before providing it to a caller, which makes it easier for physically
proximate attackers to determine the private key via a modified supply
voltage for the microprocessor, related to a "fault-based attack."
Comment 1 Mark J. Cox 2010-03-08 04:59:41 EST 
CVE-2010-0928 describes a fault-based attack on OpenSSL where an attacker has precise control over the target system environment in order to be able to introduce faults through power supply manipulation. 

The Red Hat Security Response Team has rated this issue as having low security impact, as the attack is not a viable threat to OpenSSL as used in Red Hat products.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.