CVE-2007-3108

Name	CVE-2007-3108
Description	The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1571-1
Debian Bugs	438142, 438180

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssl (PTS)	bullseye	1.1.1w-0+deb11u1	fixed
	bullseye (security)	1.1.1w-0+deb11u2	fixed
	bookworm	3.0.15-1~deb12u1	fixed
	bookworm (security)	3.0.14-1~deb12u2	fixed
	sid, trixie	3.5.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openssl	source	etch	0.9.8c-4etch3		DSA-1571-1
openssl	source	(unstable)	0.9.8e-6	low		438142
openssl097	source	(unstable)	(unfixed)			438180

[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)