CVE-2014-0076
CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0165.htmlhttp://eprint.iacr.org/2014/140http://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2198be3483259de374f91e57d247d0fc667aef29http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://lists.opensuse.org/opensuse-updates/2014-04/msg00007.htmlhttp://marc.info/?l=bugtraq&m=140266410314613&w=2http://marc.info/?l=bugtraq&m=140317760000786&w=2http://marc.info/?l=bugtraq&m=140389274407904&w=2http://marc.info/?l=bugtraq&m=140389355508263&w=2http://marc.info/?l=bugtraq&m=140448122410568&w=2http://marc.info/?l=bugtraq&m=140482916501310&w=2