Vulnerabilities > CVE-2018-0735 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Vulnerable Configurations

Part Description Count
Application
Openssl
17
Application
Nodejs
18
Application
Netapp
10
Application
Oracle
780
OS
Canonical
4
OS
Debian
2
OS
Netapp
1
Hardware
Netapp
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • Cryptanalysis
    Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL
    descriptionAn update of the openssl package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121899
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121899
    titlePhoton OS 1.0: Openssl PHSA-2018-1.0-0199
    code
    #
    # (C) Tenable Network Security, Inc.`
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0199. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(121899);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407");
    
      script_name(english:"Photon OS 1.0: Openssl PHSA-2018-1.0-0199");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the openssl package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-199.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0735");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:openssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-debuginfo-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-devel-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"openssl-perl-1.0.2q-1.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl");
    }
    
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756) - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    last seen2020-06-01
    modified2020-06-02
    plugin id124157
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124157
    titleOracle Enterprise Manager Cloud Control (Apr 2019 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124157);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id(
        "CVE-2018-0734",
        "CVE-2018-0735",
        "CVE-2018-11039",
        "CVE-2018-11040",
        "CVE-2018-12539",
        "CVE-2018-1257",
        "CVE-2018-1258",
        "CVE-2018-15756",
        "CVE-2018-1656",
        "CVE-2018-5407"
      );
      script_bugtraq_id(
        104222,
        104260,
        105118,
        105126,
        105703,
        105750,
        105758,
        105897
      );
      script_xref(name:"IAVA", value:"2019-A-0130");
    
      script_name(english:"Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)");
      script_summary(english:"Checks for the patch ID.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An enterprise management application installed on the remote host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Oracle Enterprise Manager Cloud Control installed on
    the remote host is affected by multiple vulnerabilities in
    Enterprise Manager Base Platform component:
    
      - Networking component of Enterprise Manager Base Platform (Spring Framework)
      is easily exploited and may allow an unauthenticated, remote attacker to takeover
      the Enterprise Manager Base Platform.
      (CVE-2018-1258, CVE-2018-11039, CVE-2018-11040, CVE-2018-1257, CVE-2018-15756)
    
      - Agent Next Gen (IBM Java) vulnerability allows unauthenticated, remote attacker
      unauthorized access to critical data or complete access to all Enterprise Manager
      Base Platform accessible data. (CVE-2018-1656, CVE-2018-12539)
    
      - An information disclosure vulnerability exists in OpenSSL due to the potential
      for a side-channel timing attack. An unauthenticated attacker can exploit
      this to disclose potentially sensitive information. 
      (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    ");
      # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9166970d");
      # https://support.oracle.com/rs?type=doc&id=2498664.1
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba7181fa");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the April 2019
    Oracle Critical Patch Update advisory.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1258");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("oracle_enterprise_manager_installed.nbin");
      script_require_keys("installed_sw/Oracle Enterprise Manager Cloud Control");
    
      exit(0);
    }
    
    include('global_settings.inc');
    include('misc_func.inc');
    include('oracle_rdbms_cpu_func.inc');
    include('install_func.inc');
    
    product = 'Oracle Enterprise Manager Cloud Control';
    install = get_single_install(app_name:product, exit_if_unknown_ver:TRUE);
    version = install['version'];
    emchome = install['path'];
    
    patchid = NULL;
    missing = NULL;
    patched = FALSE;
    fix = NULL;
    
    if (version =~ '^13\\.3\\.0\\.0(\\.[0-9]+)?$')
    {
      patchid = '29433931';
      fix = '13.3.0.0.190416';
    }
    else if (version =~ '^13\\.2\\.0\\.0(\\.[0-9]+)?$')
    {
      patchid = '29433916';
      fix = '13.2.0.0.190416';
    }
    else if (version =~ '^12\\.1\\.0\\.5(\\.[0-9]+)?$')
    {
      patchid = '29433895';
      fix = '12.1.0.5.190416';
    }
    
    if (isnull(patchid))
      audit(AUDIT_HOST_NOT, 'affected');
    
    # compare version to check if we've already adjusted for patch level during detection
    if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
      audit(AUDIT_INST_PATH_NOT_VULN, product, version, emchome);
    
    # Now look for the affected components
    patchesinstalled = find_patches_in_ohomes(ohomes:make_list(emchome));
    if (isnull(patchesinstalled))
      missing = patchid;
    else
    {
      foreach applied (keys(patchesinstalled[emchome]))
      {
        if (applied == patchid)
        {
          patched = TRUE;
          break;
        }
        else
        {
          foreach bugid (patchesinstalled[emchome][applied]['bugs'])
          {
            if (bugid == patchid)
            {
              patched = TRUE;
              break;
            }
          }
          if (patched) break;
        }
      }
      if (!patched)
        missing = patchid;
    }
    
    if (empty_or_null(missing))
      audit(AUDIT_HOST_NOT, 'affected');
    
    order = make_list('Product', 'Version', 'Missing patch');
    report = make_array(
      order[0], product,
      order[1], version,
      order[2], patchid
    );
    report = report_items_str(report_items:report, ordered_fields:order);
    
    security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
    
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_1A.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.1a. It is, therefore, affected by a denial of service vulnerability, a cache timing side channel vulnerability, and a microarchitecture timing side channel attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id121385
    published2019-01-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121385
    titleOpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idOPENSSL_1_1_0J.NASL
    descriptionAccording to its banner, the version of OpenSSL running on the remote host is 1.1.0 prior to 1.1.0j. It is, therefore, affected by a denial of service vulnerability, a cache timing side channel vulnerability, and a microarchitecture timing side channel attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id121384
    published2019-01-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121384
    titleOpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3945-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Non-security issues fixed: Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119299
    published2018-11-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119299
    titleSUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2018:3945-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-956.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : - CVE-2018-0734: timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: timing vulnerability in ECDSA signature generation (bsc#1113651). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123386
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123386
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2019-956)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1981.NASL
    descriptionAccording to the version of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key.(CVE-2018-0735) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129175
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129175
    titleEulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1981)
  • NASL familyMisc.
    NASL idORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL
    descriptionThe version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734) - A denial of service (DoS) vulnerability exists in Apache HTTP Server 2.4.17 to 2.4.34, due to a design error. An unauthenticated, remote attacker can exploit this issue by sending continuous, large SETTINGS frames to cause a client to occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. (CVE-2018-11763). - Networking component of Enterprise Manager Base Platform (Spring Framework) is easily exploited and may allow an unauthenticated, remote attacker to takeover the Enterprise Manager Base Platform. (CVE-2018-1258)
    last seen2020-06-01
    modified2020-06-02
    plugin id125147
    published2019-05-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125147
    titleOracle Enterprise Manager Ops Center (Apr 2019 CPU)
  • NASL familyMisc.
    NASL idNODEJS_2018_NOV.NASL
    descriptionThe version of Node.js installed on the remote host is 6.x prior to 6.15.0, 8.x prior to 8.14.0 or 10.x prior to 10.14.0 or 11.x prior to 11.3.0. Therefore, it is affected by multiple vulnerabilities. - OpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734). - OpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735). - OpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407). - Debugger port 5858 listens on any interface by default CVE-2018-12120). - Denial of Service with large HTTP headers (CVE-2018-12121). - Slowloris HTTP Denial of Service (CVE-2018-12122). - Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123). - HTTP request splitting (CVE-2018-12116). Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id119938
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119938
    titleNode.js multiple vulnerabilities (November 2018 Security Releases).
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3840-1.NASL
    descriptionSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734) Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735) Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as
    last seen2020-06-01
    modified2020-06-02
    plugin id119497
    published2018-12-07
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119497
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1465.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : - CVE-2018-0734: timing vulnerability in DSA signature generation (bsc#1113652). - CVE-2018-0735: timing vulnerability in ECDSA signature generation (bsc#1113651). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-11-26
    plugin id119140
    published2018-11-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119140
    titleopenSUSE Security Update : openssl-1_1 (openSUSE-2018-1465)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1586.NASL
    descriptionCVE-2018-0735 Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA signature generation, which might leak information to recover the private key. CVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri reported a vulnerability to a timing side channel attack, which might be used to recover the private key. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id119103
    published2018-11-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119103
    titleDebian DLA-1586-1 : openssl security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4348.NASL
    descriptionSeveral local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.
    last seen2020-06-01
    modified2020-06-02
    plugin id119313
    published2018-12-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119313
    titleDebian DSA-4348-1 : openssl - security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL
    descriptionThe OpenSSL project reports : Timing vulnerability in ECDSA signature generation (CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key (Low). Timing vulnerability in DSA signature generation (CVE-2018-0734) : Avoid a timing attack that leaks information via a side channel that triggers when a BN is resized. Increasing the size of the BNs prior to doing anything with them suppresses the attack (Low).
    last seen2020-06-01
    modified2020-06-02
    plugin id118496
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118496
    titleFreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3700.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026) Security Fix(es) : * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735) * openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130567
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130567
    titleRHEL 8 : openssl (RHSA-2019:3700)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3863-1.NASL
    descriptionThis update for openssl-1_1 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652). CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120166
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120166
    titleSUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0206_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129941
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129941
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0254_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has openssl packages installed that are affected by multiple vulnerabilities: - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable non- stitched ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). (CVE-2019-1559) - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). (CVE-2018-0735) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132467
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132467
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254)
  • NASL familyCGI abuses
    NASL idORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL
    descriptionAccording to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.4 prior to 8.4.15.10, 15.x prior to 15.2.18.4, 16.x prior to 16.2.17.2, 17.x prior to 17.12.12.0, or 18.x prior to 18.8.8.0. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in Apache Commons FileUpload allows for remote code execution. (CVE-2016-1000031) - A denial of service vulnerability in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id124169
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124169
    titleOracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2A86F45AFC3C11E8A41400155D006B02.NASL
    descriptionNode.js reports : Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j. We recommend that all Node.js users upgrade to a version listed below as soon as possible. Debugger port 5858 listens on any interface by default (CVE-2018-12120) All versions of Node.js 6 are vulnerable and the severity is HIGH. When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as node --debug=localhost. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. Denial of Service with large HTTP headers (CVE-2018-12121) All versions of 6 and later are vulnerable and the severity is HIGH. By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. The total size of HTTP headers received by Node.js now must not exceed 8192 bytes.
    last seen2020-06-01
    modified2020-06-02
    plugin id119511
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119511
    titleFreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02)
  • NASL familyMisc.
    NASL idVIRTUALBOX_JAN_2019_CPU.NASL
    descriptionThe version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.24 or 6.0.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities as noted in the January 2018 Critical Patch Update advisory : - A denial of service vulnerability in the bundled third-party component OpenSSL library
    last seen2020-06-01
    modified2020-06-02
    plugin id121247
    published2019-01-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121247
    titleOracle VM VirtualBox 5.2.x < 5.2.24 / 6.0.x < 6.0.2 (Jan 2019 CPU)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A8FFCFF7EE.NASL
    descriptionMinor update to version 1.1.1a with bug fixes and low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-18
    plugin id121239
    published2019-01-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121239
    titleFedora 29 : 1:openssl (2019-a8ffcff7ee)
  • NASL familyMisc.
    NASL idORACLE_TUXEDO_CPU_APR_2019.NASL
    descriptionThe version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit this to disclose potentially sensitive information. (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)
    last seen2020-06-01
    modified2020-06-02
    plugin id124171
    published2019-04-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124171
    titleOracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)

Redhat

advisories
rhsa
idRHSA-2019:3700
rpms
  • openssl-1:1.1.1c-2.el8
  • openssl-debuginfo-1:1.1.1c-2.el8
  • openssl-debugsource-1:1.1.1c-2.el8
  • openssl-devel-1:1.1.1c-2.el8
  • openssl-libs-1:1.1.1c-2.el8
  • openssl-libs-debuginfo-1:1.1.1c-2.el8
  • openssl-perl-1:1.1.1c-2.el8