Vulnerability CVE-2018-0734


Published: 2018-10-30

Description:
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Type:

CWE-320

(Key Management Errors)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Nodejs
Product: Node.js 
Version:
8.9.4
8.9.3
8.9.2
8.9.1
8.9.0
8.14.0
8.13.0
8.12.0
8.11.4
8.11.3
8.11.2
8.11.1
8.10.0
6.9.5
6.9.4
6.9.3
6.9.2
6.9.1
6.9.0
6.15.1
6.15.0
6.14.4
6.14.3
6.14.2
6.14.1
6.14.0
6.13.1
6.13.0
6.12.3
6.12.2
6.12.1
6.12.0
6.11.5
6.11.4
6.11.3
6.11.2
6.10.3
6.10.1
6.10.0
11.4.0
11.3.0
11.2.0
11.1.0
11.0.0
10.14.1
10.14.0
10.13.0
See more versions on NVD
Vendor: Oracle
Product: Peoplesoft enterprise peopletools 
Version:
8.57
8.56
8.55
See more versions on NVD
Product: Primavera p6 professional project management 
Version:
8.4
18.8
17.8
17.7
17.12
17.11
17.10
16.2
16.1
15.2
15.1
See more versions on NVD
Product: Mysql enterprise backup 
Version:
4.1.2
4.1.1
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
3.12.3
3.12.2
3.12.1
3.12.0
3.11.1
3.11.0
See more versions on NVD
Product: Enterprise manager base platform 
Version:
13.3.0.0.0
13.2.0.0.0
12.1.0.5.0
See more versions on NVD
Product: Enterprise manager ops center 
Version: 12.3.3;
Product: Tuxedo 
Version: 12.1.1.0.0;
Product: Api gateway 
Version: 11.1.2.4.0;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.10
18.04
16.04
14.04
See more versions on NVD
Vendor: Openssl
Product: Openssl 
Version:
1.1.1
1.1.0i
1.1.0h
1.1.0g
1.1.0f
1.1.0e
1.1.0d
1.1.0c
1.1.0b
1.1.0a
1.1.0
1.0.2p
1.0.2o
1.0.2n
1.0.2m
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
http://www.securityfocus.com/bid/105758
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.netapp.com/advisory/ntap-20181105-0002/
https://security.netapp.com/advisory/ntap-20190118-0002/
https://security.netapp.com/advisory/ntap-20190423-0002/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.openssl.org/news/secadv/20181030.txt
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17

Related CVE
CVE-2019-1543
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b...
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...
CVE-2019-0190
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server ve...
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope...
CVE-2016-7056
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the loc...
CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual mac...

Copyright 2019, cxsecurity.com

 

Back to Top