Vulnerabilities > CVE-2018-10846 - Covert Timing Channel vulnerability in multiple products

047910
CVSS 5.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE

Summary

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

Vulnerable Configurations

Part Description Count
Application
Gnu
338
OS
Redhat
3
OS
Canonical
4
OS
Fedoraproject
2
OS
Debian
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Cross-Domain Search Timing
    An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain. For GET requests an attacker could for instance leverage the "img" tag in conjunction with "onload() / onerror()" javascript events. For the POST requests, an attacker could leverage the "iframe" element and leverage the "onload()" event. There is nothing in the current browser security model that prevents an attacker to use these methods to time responses to the attackers' cross domain requests. The timing for these responses leaks information. For instance, if a victim has an active session with their online e-mail account, an attacker could issue search requests in the victim's mailbox. While the attacker is not able to view the responses, based on the timings of the responses, the attacker could ask yes / no questions as to the content of victim's e-mails, who the victim e-mailed, when, etc. This is but one example; There are other scenarios where an attacker could infer potentially sensitive information from cross domain requests by timing the responses while asking the right questions that leak information.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2930-1.NASL
    descriptionThis update for gnutls fixes the following security issues : Improved mitigations against Lucky 13 class of attacks CVE-2018-10846:
    last seen2020-03-18
    modified2019-01-02
    plugin id120112
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120112
    titleSUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2930-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120112);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");
    
      script_cve_id("CVE-2017-10790", "CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for gnutls fixes the following security issues :
    
    Improved mitigations against Lucky 13 class of attacks
    
    CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel
    attack can lead to plaintext recovery (bsc#1105460)
    
    CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due
    to use of wrong constant (bsc#1105459)
    
    CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due
    to not enough dummy function calls (bsc#1105437)
    
    CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused
    a NULL pointer dereference and crash (bsc#1047002)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047002"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105437"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1105460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10790/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10844/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10845/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-10846/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182930-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8828fca1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t
    patch SUSE-SLE-Module-Desktop-Applications-15-2018-2070=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2018-2070=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10845");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"gnutls-debugsource-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls-devel-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutls30-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx-devel-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"gnutls-debugsource-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"gnutls-debugsource-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls-devel-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutls30-debuginfo-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx-devel-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-3.6.2-6.3.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libgnutlsxx28-debuginfo-3.6.2-6.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0068_GNUTLS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS
    last seen2020-06-01
    modified2020-06-02
    plugin id127268
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127268
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0068. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127268);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id("CVE-2018-10844", "CVE-2018-10845", "CVE-2018-10846");
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by
    multiple vulnerabilities:
    
      - It was found that GnuTLS's implementation of HMAC-
        SHA-256 was vulnerable to Lucky Thirteen-style attack. A
        remote attacker could use this flaw to conduct
        distinguishing attacks and plain text recovery attacks
        via statistical analysis of timing data using crafted
        packets. (CVE-2018-10844)
    
      - It was found that GnuTLS's implementation of HMAC-
        SHA-384 was vulnerable to a Lucky Thirteen-style attack.
        A remote attacker could use this flaw to conduct
        distinguishing attacks and plain text recovery attacks
        via statistical analysis of timing data using crafted
        packets. (CVE-2018-10845)
    
      - A cache-based side channel attack was found in the way
        GnuTLS implements CBC-mode cipher suites. An attacker
        could use a combination of Just in Time Prime+probe
        and Lucky-13 attacks to recover plain text in a cross-VM
        attack scenario. (CVE-2018-10846)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0068");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL gnutls packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10845");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "gnutls-3.3.29-9.el7_6",
        "gnutls-c++-3.3.29-9.el7_6",
        "gnutls-dane-3.3.29-9.el7_6",
        "gnutls-debuginfo-3.3.29-9.el7_6",
        "gnutls-devel-3.3.29-9.el7_6",
        "gnutls-utils-3.3.29-9.el7_6"
      ],
      "CGSL MAIN 5.04": [
        "gnutls-3.3.29-9.el7_6",
        "gnutls-c++-3.3.29-9.el7_6",
        "gnutls-dane-3.3.29-9.el7_6",
        "gnutls-debuginfo-3.3.29-9.el7_6",
        "gnutls-devel-3.3.29-9.el7_6",
        "gnutls-utils-3.3.29-9.el7_6"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3050.NASL
    descriptionFrom Red Hat Security Advisory 2018:3050 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls:
    last seen2020-06-01
    modified2020-06-02
    plugin id118764
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118764
    titleOracle Linux 7 : gnutls (ELSA-2018-3050)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3050.NASL
    descriptionAn update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls:
    last seen2020-06-01
    modified2020-06-02
    plugin id118516
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118516
    titleRHEL 7 : gnutls (RHSA-2018:3050)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1049.NASL
    descriptionThis update for gnutls fixes the following issues : Security issues fixed : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846:
    last seen2020-06-05
    modified2018-09-27
    plugin id117792
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117792
    titleopenSUSE Security Update : gnutls (openSUSE-2018-1049)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_GNUTLS_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) - gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) - gnutls:
    last seen2020-03-18
    modified2018-11-27
    plugin id119184
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119184
    titleScientific Linux Security Update : gnutls on SL7.x x86_64 (20181030)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1092.NASL
    descriptionThis update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846:
    last seen2020-06-05
    modified2018-10-03
    plugin id117897
    published2018-10-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117897
    titleopenSUSE Security Update : gnutls (openSUSE-2018-1092)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1560.NASL
    descriptionA set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of
    last seen2020-06-01
    modified2020-06-02
    plugin id118504
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118504
    titleDebian DLA-1560-1 : gnutls28 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1693.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of
    last seen2020-06-01
    modified2020-06-02
    plugin id126535
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126535
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2825-1.NASL
    descriptionThis update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks
    last seen2020-06-01
    modified2020-06-02
    plugin id117696
    published2018-09-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117696
    titleSUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2825-2.NASL
    descriptionThis update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks
    last seen2020-06-01
    modified2020-06-02
    plugin id118292
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118292
    titleSUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1743.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of
    last seen2020-05-06
    modified2019-07-22
    plugin id126870
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126870
    titleEulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-D14280A6E8.NASL
    descriptionhttps://lists.gnupg.org/pipermail/gnutls-help/2020-March/004642.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-15
    modified2020-05-08
    plugin id136416
    published2020-05-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136416
    titleFedora 31 : mingw-gnutls (2020-d14280a6e8)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2842-1.NASL
    descriptionThis update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks -
    last seen2020-06-01
    modified2020-06-02
    plugin id117702
    published2018-09-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117702
    titleSUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2018:2842-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-746.NASL
    descriptionThis update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846:
    last seen2020-06-01
    modified2020-06-02
    plugin id123319
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123319
    titleopenSUSE Security Update : gnutls (openSUSE-2019-746)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3999-1.NASL
    descriptionEyal Ronen, Kenneth G. Paterson, and Adi Shamir discovered that GnuTLS was vulnerable to a timing side-channel attack known as the
    last seen2020-06-01
    modified2020-06-02
    plugin id125622
    published2019-05-31
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125622
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : gnutls28 vulnerabilities (USN-3999-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1120.NASL
    descriptionIt was found that GnuTLS
    last seen2020-05-19
    modified2018-12-10
    plugin id119503
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119503
    titleAmazon Linux 2 : gnutls (ALAS-2018-1120)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2016.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of
    last seen2020-05-08
    modified2019-09-24
    plugin id129209
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129209
    titleEulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1676.NASL
    descriptionAccording to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of
    last seen2020-05-06
    modified2019-07-02
    plugin id126418
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126418
    titleEulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3050.NASL
    descriptionAn update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls:
    last seen2020-03-28
    modified2018-12-17
    plugin id119690
    published2018-12-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119690
    titleCentOS 7 : gnutls (CESA-2018:3050)

Redhat

advisories
  • bugzilla
    id1582574
    title PRIME + PROBE cache-based side channel attack can lead to plaintext recovery
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentgnutls-devel is earlier than 0:3.3.29-8.el7
            ovaloval:com.redhat.rhsa:tst:20183050001
          • commentgnutls-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120429008
        • AND
          • commentgnutls-c++ is earlier than 0:3.3.29-8.el7
            ovaloval:com.redhat.rhsa:tst:20183050003
          • commentgnutls-c++ is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140684002
        • AND
          • commentgnutls-dane is earlier than 0:3.3.29-8.el7
            ovaloval:com.redhat.rhsa:tst:20183050005
          • commentgnutls-dane is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140684004
        • AND
          • commentgnutls-utils is earlier than 0:3.3.29-8.el7
            ovaloval:com.redhat.rhsa:tst:20183050007
          • commentgnutls-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120429004
        • AND
          • commentgnutls is earlier than 0:3.3.29-8.el7
            ovaloval:com.redhat.rhsa:tst:20183050009
          • commentgnutls is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20120429002
    rhsa
    idRHSA-2018:3050
    released2018-10-30
    severityModerate
    titleRHSA-2018:3050: gnutls security, bug fix, and enhancement update (Moderate)
  • rhsa
    idRHSA-2018:3505
rpms
  • gnutls-0:3.3.29-8.el7
  • gnutls-c++-0:3.3.29-8.el7
  • gnutls-dane-0:3.3.29-8.el7
  • gnutls-debuginfo-0:3.3.29-8.el7
  • gnutls-devel-0:3.3.29-8.el7
  • gnutls-utils-0:3.3.29-8.el7