CVE-201-0737

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CVE-201-0737

Scott Neugroschl-2
Hi,

I'm trying to make sure I have grokked this advisory properly.

The advisory says this is a cache timing side channel attack on key generation.   So am I correct in assuming that a potential attacker must

1) Already have access to the system
2) Have sufficient privilege to be able to access cache info

Or am I completely mistaken here?

Thanks,

ScottN

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: CVE-201-0737

Matt Caswell-2


On 16/04/18 16:59, Scott Neugroschl wrote:
> Hi,
>
> I'm trying to make sure I have grokked this advisory properly.
>
> The advisory says this is a cache timing side channel attack on key generation.   So am I correct in assuming that a potential attacker must
>
> 1) Already have access to the system
> 2) Have sufficient privilege to be able to access cache info

Correct.

Matt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: CVE-201-0737

Scott Neugroschl-2

On 16/04/18 0935PDT, Matt Caswell wrote:

>On 16/04/18 16:59, Scott Neugroschl wrote:
>> Hi,
>>
>> I'm trying to make sure I have grokked this advisory properly.
>>
>> The advisory says this is a cache timing side channel attack on key generation.   So am I correct in assuming that a potential attacker must
>>
>> 1) Already have access to the system
>> 2) Have sufficient privilege to be able to access cache info
>
>Correct.

Thanks, Matt!


---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |



--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users