Vulnerability CVE-2018-0734

Published: 2018-10-30

Description:
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Type: CWE-320 (Key Management Errors)

Vendor: Debian
Product: Debian linux
Version: 9.0
Vendor: Nodejs
Product: Node.js 
Version:
8.9.4
8.9.3
8.9.2
8.9.1
8.9.0
8.14.0
8.13.0
8.12.0
8.11.4
8.11.3
8.11.2
8.11.1
8.10.0
6.9.5
6.9.4
6.9.3
6.9.2
6.9.1
6.9.0
6.15.1
6.15.0
6.14.4
6.14.3
6.14.2
6.14.1
6.14.0
6.13.1
6.13.0
6.12.3
6.12.2
6.12.1
6.12.0
6.11.5
6.11.4
6.11.3
6.11.2
6.10.3
6.10.1
6.10.0
11.4.0
11.3.0
11.2.0
11.1.0
11.0.0
10.14.1
10.14.0
10.13.0
Vendor: Oracle
Product: Peoplesoft enterprise peopletools 
Version:
8.57
8.56
8.55
Product: Primavera p6 professional project management 
Version:
8.4
18.8
17.8
17.7
17.12
17.11
17.10
16.2
16.1
15.2
15.1
Product: Mysql enterprise backup 
Version:
4.1.2
4.1.1
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
3.12.3
3.12.2
3.12.1
3.12.0
3.11.1
3.11.0
Product: Enterprise manager base platform 
Version:
13.3.0.0.0
13.2.0.0.0
12.1.0.5.0
Product: Enterprise manager ops center
Version: 12.3.3
Product: Tuxedo
Version: 12.1.1.0.0
Product: Api gateway
Version: 11.1.2.4.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.10
18.04
16.04
14.04
Vendor: Openssl
Product: Openssl 
Version:
1.1.1
1.1.0i
1.1.0h
1.1.0g
1.1.0f
1.1.0e
1.1.0d
1.1.0c
1.1.0b
1.1.0a
1.1.0
1.0.2p
1.0.2o
1.0.2n
1.0.2m

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score:        4.3/10
Impact Subscore:        2.9/10
Exploitability Subscore: 8.6/10

Exploit range:          Remote
Attack complexity:      Medium
Authentication:         Not required

Confidentiality impact: Partial
Integrity impact:       None
Availability impact:    None

References:
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
http://www.securityfocus.com/bid/105758
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0002/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://security.netapp.com/advisory/ntap-20190423-0002/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20181030.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17

Related CVE
CVE-2019-1552
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --opens...
CVE-2019-1543
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b...
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server ve...
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope...
CVE-2016-7056
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...

Copyright 2019, cxsecurity.com