FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0076

This CVE name corresponds to:

Entered Topic
2014-04-11 OpenSSL -- Local Information Disclosure

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-0076
Phase Assigned(20131203)

Description

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.

References

Source Reference
MISC http://eprint.iacr.org/2014/140
CONFIRM http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29
CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=505278
CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=869945
CONFIRM http://www.openssl.org/news/secadv_20140605.txt
CONFIRM http://advisories.mageia.org/MGASA-2014-0165.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676035
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676062
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676419
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676424
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21676655
CONFIRM http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015264
CONFIRM http://www.novell.com/support/kb/doc.php?id=7015300
CONFIRM https://kc.mcafee.com/corporate/index?page=content&id=SB10075
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21673137
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677828
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21677695
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001841
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=isg400001843
CISCO 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
MANDRIVA MDVSA-2014:067
BID 66363
SECUNIA 58727
SECUNIA 58939
SECUNIA 59162
SECUNIA 59300
SECUNIA 59438
SECUNIA 59450
SECUNIA 59495
SECUNIA 59514
SECUNIA 59490
SECUNIA 59655
SECUNIA 59721
SECUNIA 59413