Vulnerability CVE-2018-5407


Published: 2018-11-15

Description:
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

See advisories in our WLB2 database:
Topic | Author | Date | Med.
Intel (Skylake / Kaby Lake) PortSmash CPU SMT Side-Channel | Billy Brumley | 05.11.2018 | Med.

Type: CWE-200 (Information Exposure)

Vendor: Debian
Product: Debian linux
Version: 9.0; 8.0;
Vendor: Nodejs
Product: Node.js
Version: 8.9.4; 8.9.3; 8.9.2; 8.9.1; 8.9.0; 8.8.1; 8.8.0; 8.7.0; 8.6.0; 8.5.0; 8.4.0; 8.3.0; 8.2.1; 8.2.0; 8.11.3; 8.11.2; 8.11.1; 8.11.0; 8.10.0; 8.1.4; 8.1.3; 8.1.2; 8.1.1; 8.1.0; 8.0.0; 6.9.5; 6.9.4; 6.9.3; 6.9.2; 6.9.1; 6.9.0; 6.8.1; 6.8.0; 6.7.0; 6.6.0; 6.5.0; 6.4.0; 6.3.1; 6.3.0;
See more versions on NVD
Vendor: Oracle
Product: Peoplesoft enterprise peopletools
Version: 8.57; 8.56; 8.55;
See more versions on NVD
Product: Primavera p6 enterprise project portfolio management
Version: 8.4;
Vendor: Tenable
Product: Nessus
Version: 8.1.0; 8.0.1; 8.0.0; 7.2.2; 7.2.1; 7.2.0; 7.1.4; 7.1.3; 7.1.2; 7.1.1; 7.1.0; 7.0.3; 7.0.2; 7.0.1; 7.0.0; 6.9.3; 6.9.2; 6.9.1; 6.9.0; 6.9; 6.8.2; 6.8.1; 6.8.0; 6.8; 6.7.0; 6.7; 6.6.2; 6.6.1; 6.6.0; 6.5.6; 6.5.5; 6.5.4; 6.5.3; 6.5.2; 6.5.1; 6.5.0; 6.4.3; 6.4.2; 6.4.1; 6.4.0; 6.3.7; 6.3.6; 6.3.5; 6.3.4; 6.3.3; 6.3.2; 6.3.1; 6.3.0;
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server aus
Version: 7.6;
Product: Enterprise linux server tus
Version: 7.6;
Product: Enterprise linux server
Version: 7.6; 7.0;
Product: Enterprise linux server eus
Version: 7.6;
Product: Enterprise linux desktop
Version: 7.0;
Product: Enterprise linux workstation
Version: 7.0;

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 1.9/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
http://www.securityfocus.com/bid/105897
https://access.redhat.com/errata/RHSA-2019:0483
https://access.redhat.com/errata/RHSA-2019:0651
https://access.redhat.com/errata/RHSA-2019:0652
https://eprint.iacr.org/2018/1060.pdf
https://github.com/bbbrumley/portsmash
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
https://security.gentoo.org/glsa/201903-10
https://security.netapp.com/advisory/ntap-20181126-0001/
https://usn.ubuntu.com/3840-1/
https://www.debian.org/security/2018/dsa-4348
https://www.debian.org/security/2018/dsa-4355
https://www.exploit-db.com/exploits/45785/
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.tenable.com/security/tns-2018-16
https://www.tenable.com/security/tns-2018-17

Related CVE
CVE-2019-3894
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could all...
CVE-2019-3805
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss...
CVE-2019-10131
An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
CVE-2019-3900
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest ...
CVE-2019-3868
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.
CVE-2019-2698
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protoc...
CVE-2019-2684
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthen...
CVE-2019-2602
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unau...

Copyright 2019, cxsecurity.com
