The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2014-0076 from the MITRE CVE dictionary dictionary and NIST NVD.
Not vulnerable. This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl and openssl098e as shipped with Red Hat Enterprise Linux 6 or 7.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | openssl098e | Not affected |
| Red Hat Enterprise Linux 7 | openssl | Not affected |
| Red Hat Enterprise Linux 6 | openssl | Not affected |
| Red Hat Enterprise Linux 6 | openssl098e | Not affected |
| Red Hat Enterprise Linux 5 | openssl | Not affected |
| Red Hat Enterprise Linux 5 | openssl097a | Not affected |
Vulmon