ID OPENVAS:1361412562310843848 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2019-03-18T00:00:00
Description
The remote host is missing an update for the 'openssl' package(s) announced via the USN-3840-1 advisory.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_3840_1.nasl 14288 2019-03-18 16:34:17Z cfischer $
#
# Ubuntu Update for openssl USN-3840-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
  # --- Identity of the check ---------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.843848");
  script_version("$Revision: 14288 $");
  script_name("Ubuntu Update for openssl USN-3840-1");
  script_family("Ubuntu Local Security Checks");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");

  # --- Timestamps ---------------------------------------------------------
  script_tag(name:"creation_date", value:"2018-12-07 07:39:41 +0100 (Fri, 07 Dec 2018)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $");

  # --- Severity -----------------------------------------------------------
  # One score is attached to all three CVEs. The 4.3 / AV:N values equal the
  # CVSSv2 data published for CVE-2018-0734 and CVE-2018-0735; CVE-2018-5407
  # (PortSmash) is rated lower by NVD with a local vector (AV:L, 1.9), so the
  # network vector below should not be read as applying to it.
  script_cve_id("CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");

  # --- Prerequisites ------------------------------------------------------
  # The check only runs when the listed ssh/login/* keys exist and the
  # release key matches one of the four Ubuntu releases in the regex.
  # NOTE(review): those keys are presumably filled by gather-package-list.nasl
  # from an authenticated SSH login - confirm; a host scanned without working
  # credentials would then be skipped silently rather than reported as clean.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|18\.04 LTS|18\.10|16\.04 LTS)");

  # --- References ---------------------------------------------------------
  script_xref(name:"USN", value:"3840-1");
  script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3840-1/");

  # --- Report texts -------------------------------------------------------
  # Continuation lines of the multi-line values start in column 0 on purpose:
  # whitespace inside the quotes is part of the string.
  script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl'
package(s) announced via the USN-3840-1 advisory.");

  # Only the dpkg versions of libssl1.0.0 / libssl1.1 are compared further
  # down; OpenSSL copies bundled with or statically linked into other
  # software are outside what this check can see.
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An
attacker could possibly use this issue to perform a timing side-channel
attack and recover private DSA keys. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An
attacker could possibly use this issue to perform a timing side-channel
attack and recover private ECDSA keys. This issue only affected Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,
and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading
(SMT) architectures are vulnerable to side-channel leakage. This issue is
known as 'PortSmash'. An attacker could possibly use this issue to perform
a timing side-channel attack and recover private keys. (CVE-2018-5407)");

  script_tag(name:"affected", value:"openssl on Ubuntu 18.10,
Ubuntu 18.04 LTS,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS.");

  # --- Remediation and detection quality ------------------------------------
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  # Description pass ends here; the comparison code below is not reached.
  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
# Ask the package library which Ubuntu release was recorded for this host.
# NOTE(review): dpkg_get_ssh_release() is defined outside this file
# (presumably in pkg-lib-deb.inc) - confirm what it returns on failure.
release = dpkg_get_ssh_release();

# No release string means no version comparison is possible: leave without
# reporting anything (this is "not checked", not "not vulnerable").
if(!release)
{
  exit(0);
}

# Receives the text returned by isdpkgvuln() in the per-release checks.
res = "";
# Ubuntu 14.04 LTS: a single library package is compared.
if(release == "UBUNTU14.04 LTS")
{
  # isdpkgvuln() comes from an include; a non-NULL result is used as the
  # report text. NOTE(review): ver is presumably the fixed version from
  # USN-3840-1, with anything older flagged - confirm in pkg-lib-deb.inc.
  res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1f-1ubuntu2.27", rls:"UBUNTU14.04 LTS");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is set outside this file (presumably when the package was
  # found installed). exit(99) is, by OpenVAS convention, "checked and not
  # affected" - TODO confirm; plain exit(0) means nothing could be said.
  if(__pkg_match)
  {
    exit(99);
  }

  exit(0);
}
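# Ubuntu 18.04 LTS: libssl1.0.0 and libssl1.1 are both compared.
if(release == "UBUNTU18.04 LTS")
{
  # Collect the findings for every package before reporting. Exiting on the
  # first hit would hide an outdated libssl1.1 whenever libssl1.0.0 is
  # outdated too, leaving the operator with an incomplete patch list.
  report = "";

  # isdpkgvuln() comes from an include; a non-NULL result is report text.
  # NOTE(review): ver is presumably the fixed version from USN-3840-1, with
  # anything older flagged - confirm in pkg-lib-deb.inc.
  if((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2n-1ubuntu5.2", rls:"UBUNTU18.04 LTS")) != NULL)
  {
    report += res;
  }

  if((res = isdpkgvuln(pkg:"libssl1.1", ver:"1.1.0g-2ubuntu4.3", rls:"UBUNTU18.04 LTS")) != NULL)
  {
    report += res;
  }

  # One combined message covers every outdated package found above.
  if(report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is set outside this file (presumably when one of the packages
  # was found installed). exit(99) is, by OpenVAS convention, "checked and
  # not affected" - TODO confirm; plain exit(0) means nothing could be said.
  if(__pkg_match) exit(99);
  exit(0);
}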
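# Ubuntu 18.10: libssl1.0.0 and libssl1.1 are both compared.
if(release == "UBUNTU18.10")
{
  # Collect the findings for every package before reporting. Exiting on the
  # first hit would hide an outdated libssl1.1 whenever libssl1.0.0 is
  # outdated too, leaving the operator with an incomplete patch list.
  report = "";

  # isdpkgvuln() comes from an include; a non-NULL result is report text.
  # NOTE(review): ver is presumably the fixed version from USN-3840-1, with
  # anything older flagged - confirm in pkg-lib-deb.inc.
  if((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2n-1ubuntu6.1", rls:"UBUNTU18.10")) != NULL)
  {
    report += res;
  }

  if((res = isdpkgvuln(pkg:"libssl1.1", ver:"1.1.1-1ubuntu2.1", rls:"UBUNTU18.10")) != NULL)
  {
    report += res;
  }

  # One combined message covers every outdated package found above.
  if(report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # __pkg_match is set outside this file (presumably when one of the packages
  # was found installed). exit(99) is, by OpenVAS convention, "checked and
  # not affected" - TODO confirm; plain exit(0) means nothing could be said.
  if(__pkg_match) exit(99);
  exit(0);
}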
# Ubuntu 16.04 LTS: a single library package is compared.
if(release == "UBUNTU16.04 LTS")
{
  # isdpkgvuln() comes from an include; a non-NULL result is used as the
  # report text. NOTE(review): ver is presumably the fixed version from
  # USN-3840-1, with anything older flagged - confirm in pkg-lib-deb.inc.
  res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2g-1ubuntu4.14", rls:"UBUNTU16.04 LTS");
  if(res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is set outside this file (presumably when the package was
  # found installed). exit(99) is, by OpenVAS convention, "checked and not
  # affected" - TODO confirm; plain exit(0) means nothing could be said.
  if(__pkg_match)
  {
    exit(99);
  }

  exit(0);
}
{"id": "OPENVAS:1361412562310843848", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for openssl USN-3840-1", "description": "The remote host is missing an update for the ", "published": "2018-12-07T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843848", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-3840-1/", "3840-1"], "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "lastseen": "2019-05-29T18:33:22", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K43741620", "F5:K49711130"]}, {"type": "cve", "idList": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407"]}, {"type": "ubuntu", "idList": ["USN-3840-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-1465.NASL", "ORACLE_TUXEDO_CPU_APR_2019.NASL", "OPENSSL_1_1_1A.NASL", "DEBIAN_DLA-1586.NASL", "SUSE_SU-2018-3945-1.NASL", "PHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL", "DEBIAN_DSA-4348.NASL", "FREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL", "UBUNTU_USN-3840-1.NASL", "SUSE_SU-2018-3863-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108483", "OPENVAS:1361412562310891586", "OPENVAS:1361412562310112408", "OPENVAS:1361412562310112409", "OPENVAS:1361412562311220191267", "OPENVAS:1361412562310704348", "OPENVAS:1361412562310112410", "OPENVAS:1361412562310112411", "OPENVAS:1361412562310852145", "OPENVAS:1361412562310108484"]}, {"type": "symantec", "idList": ["SMNTC-105758", "SMNTC-1490"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4754", "ELSA-2019-3700", "ELSA-2019-0483", "ELSA-2019-2304"]}, {"type": "centos", "idList": ["CESA-2019:0483"]}, {"type": "redhat", "idList": ["RHSA-2019:3700", "RHSA-2019:0483"]}, {"type": "debian", "idList": 
["DEBIAN:DSA-4355-1:1415E", "DEBIAN:DLA-1586-1:00096", "DEBIAN:DSA-4348-1:05673"]}, {"type": "archlinux", "idList": ["ASA-201812-5", "ASA-201812-8", "ASA-201812-7", "ASA-201812-6"]}, {"type": "freebsd", "idList": ["2A86F45A-FC3C-11E8-A414-00155D006B02", "238AE7DE-DBA2-11E8-B713-B499BAEBFEAF", "6F170CF2-E6B7-11E8-A9A8-B499BAEBFEAF"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3890-1", "OPENSUSE-SU-2018:4104-1", "OPENSUSE-SU-2018:3903-1", "OPENSUSE-SU-2018:4050-1"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY29.ASC"]}, {"type": "slackware", "idList": ["SSA-2018-325-01"]}, {"type": "fedora", "idList": ["FEDORA:67D5B602F037"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2018-0735"]}, {"type": "threatpost", "idList": ["THREATPOST:C8DA8A39B0B2F8129283330AD5901020"]}, {"type": "tenable", "idList": ["TENABLE:06E92CDD3238BF04334DF71161431249"]}, {"type": "thn", "idList": ["THN:ED6AA651CF0924A51404298103765C4C"]}], "modified": "2019-05-29T18:33:22", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:33:22", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310843848", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3840_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for openssl USN-3840-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843848\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-07 07:39:41 +0100 (Fri, 07 Dec 2018)\");\n script_name(\"Ubuntu Update for openssl USN-3840-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3840-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3840-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the USN-3840-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An\nattacker could possibly use this issue to perform a timing side-channel\nattack and recover private DSA keys. 
(CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An\nattacker could possibly use this issue to perform a timing side-channel\nattack and recover private ECDSA keys. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as 'PortSmash'. An attacker could possibly use this issue to perform\na timing side-channel attack and recover private keys. (CVE-2018-5407)\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1f-1ubuntu2.27\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2n-1ubuntu5.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.0g-2ubuntu4.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2n-1ubuntu6.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.1-1ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu4.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"f5": [{"lastseen": "2020-04-06T22:39:46", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "\nF5 Product Development has assigned CPF-25030 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x2 | None | Not applicable | Not vulnerable | None | None \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>) | OpenSSL \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 BIG-IP 14.1.0 contains the affected code. 
However, F5 identifies the vulnerability status as Not vulnerable because the attacker would need to be logged in to the affected system with a local administrator account to exploit it.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-12-15T03:22:00", "published": "2018-12-15T03:22:00", "id": "F5:K43741620", "href": "https://support.f5.com/csp/article/K43741620", "title": "OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:06", "bulletinFamily": "software", "cvelist": ["CVE-2018-5407"], "description": "\nF5 Product Development has assigned IDs 751143 and 751152 (BIG-IP), ID 751143-7 (BIG-IQ Centralized Management), ID 751143-8 (F5 iWorkflow), ID 751143-9 (Enterprise Manager), and CPF-25013 and CPF-25014 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. 
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm (LTM SSL profiles, iApps LX, iRules LX, big3d, Configuration utility), CPU \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n13.x | 13.0.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.2.1 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [4.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nVulnerable platforms\n\nBIG-IP\n\n * 
Virtual Edition\n\nThe following platforms when vCMP guests are deployed:\n\n * VIPRION B2100\n * VIPRION B2150\n * VIPRION B2250\n * VIPRION B4200\n * VIPRION B4300 blade in the 4400(J100) 4-slot chassis\n * VIPRION B4300 blade in the 4480(J102) 4-slot chassis\n * VIPRION B4300 blade in the 4800(S100) 8-slot chassis\n * VIPRION B4450 blade in the 4480(J102) 4-slot chassis\n * VIPRION B4450 blade in the 4800(S100) 8-slot chassis\n * BIG-IP 5200v\n * BIG-IP 5250v\n * BIG-IP 7200v\n * BIG-IP 7250v\n * BIG-IP 7255v\n * BIG-IP 10200v\n * BIG-IP 10250v\n * BIG-IP 10350v\n * BIG-IP 12250v\n * BIG-IP i5800\n * BIG-IP i5820-DF (FIPS)\n * BIG-IP i7800\n * BIG-IP i7820-DF (FIPS)\n * BIG-IP i10800\n * BIG-IP i11400-DS, i11600-DS, i11800-DS\n * BIG-IP i11800\n * BIG-IP i15800\n\nBIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix\n\n * Virtual Edition/Virtual Platform\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the vulnerability in multi-tenancy BIG-IP Virtual Clustered Multiprocessing (vCMP) configurations, ensure that all guests are set to at least two **Cores Per Guest**. 
Similarly, VE systems can be protected if the hypervisor ensures that potentially hostile co-guests cannot be scheduled on the same physical CPU.\n\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-09-24T18:21:00", "published": "2018-11-30T03:19:00", "id": "F5:K49711130", "href": "https://support.f5.com/csp/article/K49711130", "title": "OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407", "type": "f5", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2020-12-09T20:25:44", "description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "edition": 22, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-11-15T21:29:00", "title": "CVE-2018-5407", "type": "cve", "cwe": ["CWE-203"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407"], "modified": "2020-09-18T16:58:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:application_server:1.0.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/o:redhat:enterprise_linux_server:7.6", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12", "cpe:/a:oracle:application_server:0.9.8", "cpe:/a:oracle:application_server:1.0.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", 
"cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5407", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:29", "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", "edition": 17, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-29T13:29:00", "title": "CVE-2018-0735", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0735"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4", "cpe:/a:netapp:snapdrive:-", "cpe:/a:netapp:smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:application_server:1.0.1", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2", "cpe:/o:netapp:cn1610_firmware:-", "cpe:/a:oracle:mysql:5.7.24", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2", "cpe:/a:openssl:openssl:1.1.1", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", 
"cpe:/a:nodejs:node.js:10.14.1", "cpe:/a:netapp:steelstore:-", "cpe:/a:nodejs:node.js:11.4.0", "cpe:/a:oracle:mysql:8.0.13", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1", "cpe:/a:oracle:secure_global_desktop:5.4", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:netapp:element_software:-", "cpe:/a:openssl:openssl:1.1.0i", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12", "cpe:/a:oracle:mysql:5.6.42", "cpe:/a:oracle:application_server:0.9.8", "cpe:/a:oracle:application_server:1.0.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1", "cpe:/a:netapp:santricity_smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-0735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0735", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:nodejs:node.js:10.14.1:*:*:*:lts:*:*:*", "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.42:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.24:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T20:25:29", "description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "edition": 18, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-30T12:29:00", "title": "CVE-2018-0734", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:primavera_p6_professional_project_management:17.12", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.1", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:primavera_p6_professional_project_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:primavera_p6_professional_project_management:18.8", 
"cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:openssl:openssl:1.0.2p", "cpe:/a:oracle:e-business_suite_technology_stack:0.9.8", "cpe:/o:netapp:cn1610_firmware:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:openssl:openssl:1.1.1", "cpe:/a:nodejs:node.js:8.14.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:nodejs:node.js:6.15.1", "cpe:/a:nodejs:node.js:10.14.1", "cpe:/a:netapp:steelstore:-", "cpe:/a:nodejs:node.js:11.4.0", "cpe:/a:oracle:primavera_p6_professional_project_management:16.2", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:netapp:storage_automation_store:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.1", "cpe:/a:openssl:openssl:1.1.0i", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_professional_project_management:8.4", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.0", "cpe:/a:netapp:santricity_smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-0734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0734", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.1:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.1:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private ECDSA keys. This issue only affected Ubuntu \n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, \nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading \n(SMT) architectures are vulnerable to side-channel leakage. This issue is \nknown as \"PortSmash\". An attacker could possibly use this issue to perform \na timing side-channel attack and recover private keys. 
(CVE-2018-5407)", "edition": 4, "modified": "2018-12-06T00:00:00", "published": "2018-12-06T00:00:00", "id": "USN-3840-1", "href": "https://ubuntu.com/security/notices/USN-3840-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as \u201cPortSmash\u201d. An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. 
(CVE-2018-5407)\n\nCVEs contained in this USN include: CVE-2018-0734, CVE-2018-0735, CVE-2018-5407\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.65\n * 3541.x versions prior to 3541.69\n * 3468.x versions prior to 3468.90\n * 3445.x versions prior to 3445.87\n * 3421.x versions prior to 3421.104\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.14\n * 97.x versions prior to 97.41\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.254.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.46.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.65\n * Upgrade 3541.x versions to 3541.69\n * Upgrade 3468.x versions to 3468.90\n * Upgrade 3445.x versions to 3445.87\n * Upgrade 3421.x versions to 3421.104\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.14\n * Upgrade 97.x versions to 97.41\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.254.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.46.0 or later.\n\n# References\n\n * [USN-3840-1](<https://usn.ubuntu.com/3840-1>)\n * [CVE-2018-0734](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0734>)\n * 
[CVE-2018-0735](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0735>)\n * [CVE-2018-5407](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5407>)\n", "edition": 3, "modified": "2018-12-27T00:00:00", "published": "2018-12-27T00:00:00", "id": "CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639", "href": "https://www.cloudfoundry.org/blog/usn-3840-1/", "title": "USN-3840-1: OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-11-05T09:26:28", "description": "The version of Oracle Tuxedo installed on the remote host is missing\na security patch. It is, therefore, affected by multiple\nvulnerabilities:\n \n - An information disclosure vulnerability exists in OpenSSL \n due to the potential for a side-channel timing attack. \n An unauthenticated attacker can exploit this to disclose \n potentially sensitive information. \n (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)\n", "edition": 15, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-04-19T00:00:00", "title": "Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2019-04-19T00:00:00", "cpe": ["cpe:/a:oracle:tuxedo", "cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_TUXEDO_CPU_APR_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/124171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124171);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/04\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\"\n );\n script_bugtraq_id(\n 105750,\n 105758,\n 105897\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0128\");\n \n script_name(english:\"Oracle Tuxedo Multiple 
Vulnerabilities (Apr 2019 CPU)\");\n script_summary(english:\"Checks for the patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Tuxedo installed on the remote host is missing\na security patch. It is, therefore, affected by multiple\nvulnerabilities:\n \n - An information disclosure vulnerability exists in OpenSSL \n due to the potential for a side-channel timing attack. \n An unauthenticated attacker can exploit this to disclose \n potentially sensitive information. \n (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)\n\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2019 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:tuxedo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_tuxedo_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Tuxedo\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('oracle_rdbms_cpu_func.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\n\napp_name = 'Oracle Tuxedo';\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nrp = install['RP'];\npath = install['path'];\nrp_fix = 99;\n\nif (version !~ \"^12\\.1\\.1\\.0($|\\.|_)\") \n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + ' RP ' + rp, path);\n\nif (rp == UNKNOWN_VER || rp < rp_fix)\n{\n items = make_array('Path', path,\n 'Version', version,\n 'RP', rp,\n 'Required RP', rp_fix\n );\n order = make_list('Path', 'Version', 'RP', 'Required RP');\n report = report_items_str(report_items:items, ordered_fields:order);\n security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + ' RP ' + rp, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T01:07:15", "description": "An update of the openssl package has been released.", "edition": 17, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Openssl PHSA-2018-1.0-0199", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2021-01-02T00:00:00", "cpe": 
["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/121899", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0199. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121899);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n\n script_name(english:\"Photon OS 1.0: Openssl PHSA-2018-1.0-0199\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-199.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0735\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) 
flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:50:02", "description": "Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing.\nAn attacker could possibly use this issue to perform a timing\nside-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA\nsigning. An attacker could possibly use this issue to perform a timing\nside-channel attack and recover private ECDSA keys. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola\nTuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous\nMultithreading (SMT) architectures are vulnerable to side-channel\nleakage. This issue is known as 'PortSmash'. An attacker could\npossibly use this issue to perform a timing side-channel attack and\nrecover private keys. (CVE-2018-5407).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-12-07T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3840-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119497);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:49\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n script_xref(name:\"USN\", value:\"3840-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing.\nAn attacker could possibly use this issue to perform a timing\nside-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA\nsigning. An attacker could possibly use this issue to perform a timing\nside-channel attack and recover private ECDSA keys. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola\nTuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous\nMultithreading (SMT) architectures are vulnerable to side-channel\nleakage. This issue is known as 'PortSmash'. An attacker could\npossibly use this issue to perform a timing side-channel attack and\nrecover private keys. (CVE-2018-5407).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3840-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 and / or libssl1.1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2n-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libssl1.1\", pkgver:\"1.1.0g-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2n-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libssl1.1\", pkgver:\"1.1.1-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0 / libssl1.1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2021-01-12T09:40:06", "description": "CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the\nOpenSSL ECDSA signature generation, which might leak information to\nrecover the private key.\n\nCVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul\nHassan, Cesar Pereida Garcia and Nicola Tuveri reported a\nvulnerability to a timing side channel attack, which might be used to\nrecover the private key.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 22, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-23T00:00:00", "title": "Debian DLA-1586-1 : openssl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "modified": "2018-11-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto1.0.0-udeb", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DLA-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/119103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1586-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119103);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-0735\", \"CVE-2018-5407\");\n\n script_name(english:\"Debian DLA-1586-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the\nOpenSSL ECDSA signature generation, which might leak information to\nrecover the private key.\n\nCVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul\nHassan, Cesar Pereida Garcia and Nicola Tuveri reported a\nvulnerability to a timing side channel attack, which might be used to\nrecover the private key.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto1.0.0-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-19T09:20:40", "description": "Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.", "edition": 13, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-12-01T00:00:00", "title": "Debian DSA-4348-1 : openssl - security update", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:openssl", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4348.NASL", "href": "https://www.tenable.com/plugins/nessus/119313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4348. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119313);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2018-0732\", \"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-0737\", \"CVE-2018-5407\");\n script_xref(name:\"DSA\", value:\"4348\");\n\n script_name(english:\"Debian DSA-4348-1 : openssl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/openssl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4348\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the openssl packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1.1.0j-1~deb9u1. 
Going forward, openssl security updates\nfor stretch will be based on the 1.1.0x upstream releases.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0737\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libcrypto1.1-udeb\", reference:\"1.1.0j-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl-dev\", reference:\"1.1.0j-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl-doc\", reference:\"1.1.0j-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.1\", reference:\"1.1.0j-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libssl1.1-udeb\", reference:\"1.1.0j-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"openssl\", reference:\"1.1.0j-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:33:09", "description": "According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.1a. 
It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.", "edition": 20, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-25T00:00:00", "title": "OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_1A.NASL", "href": "https://www.tenable.com/plugins/nessus/121385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121385);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_bugtraq_id(105750, 105758);\n\n script_name(english:\"OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.1a. 
It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor patch or upgrade to OpenSSL version 1.1.1a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.1.1a', min:\"1.1.1\", severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T03:03:38", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-0735: Fixed timing vulnerability in ECDSA signature\ngeneration (bsc#1113651).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac"], "id": "SUSE_SU-2018-3863-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3863-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120166);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/16\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-0735: Fixed timing vulnerability in ECDSA signature\ngeneration (bsc#1113651).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0734/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0735/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183863-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22b4b45d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2758=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2758=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.15.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T02:36:29", "description": "The OpenSSL project reports :\n\nTiming vulnerability in ECDSA signature generation (CVE-2018-0735):\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack. An attacker could use variations in\nthe signing algorithm to recover the private key (Low).\n\nTiming vulnerability in DSA signature generation (CVE-2018-0734) :\nAvoid a timing attack that leaks information via a side channel that\ntriggers when a BN is resized. 
Increasing the size of the BNs prior to\ndoing anything with them suppresses the attack (Low).", "edition": 24, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-10-30T00:00:00", "title": "FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openssl111", "p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:openssl-devel"], "id": "FREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/118496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118496);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/30 9:29:41\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL project reports :\n\nTiming vulnerability in ECDSA signature generation (CVE-2018-0735):\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack. An attacker could use variations in\nthe signing algorithm to recover the private key (Low).\n\nTiming vulnerability in DSA signature generation (CVE-2018-0734) :\nAvoid a timing attack that leaks information via a side channel that\ntriggers when a BN is resized. 
Increasing the size of the BNs prior to\ndoing anything with them suppresses the attack (Low).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20181029.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/openssl/openssl/commit/8abfe72e\"\n );\n # https://vuxml.freebsd.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca1e56e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl111\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl-devel<1.1.0i_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl111<1.1.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl>=2.8.0<2.8.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl-devel>=2.8.0<2.8.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T04:33:09", "description": "According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.0j. 
It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.", "edition": 20, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-25T00:00:00", "title": "OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_0J.NASL", "href": "https://www.tenable.com/plugins/nessus/121384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121384);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_bugtraq_id(105750, 105758);\n\n script_name(english:\"OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.0j. 
It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor patch or upgrade to OpenSSL version 1.1.0j or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.1.0j', min:\"1.1.0\", severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:54:37", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit"], "id": "OPENSUSE-2019-956.NASL", "href": "https://www.tenable.com/plugins/nessus/123386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-956.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123386);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)\");\n script_summary(english:\"Check for the openSUSE-2019-956 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-1_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl-1_1-devel-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-hmac-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debugsource-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", 
reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0735"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112408", "type": "openvas", "title": "OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181029_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112408\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0735\");\n script_bugtraq_id(105750);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:02:33 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"impact\", value:\"A remote user that can conduct a man-in-the-middle attack can exploit a\n timing vulnerability in its ECDSA signature algorithm to cause the target system to disclose private keys.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i and 1.1.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_xref(name:\"URL\", value:\"https://www.securitytracker.com/id/1041986\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n 
exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0735"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112409", "type": "openvas", "title": "OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181029_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112409\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0735\");\n script_bugtraq_id(105750);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:02:33 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"impact\", value:\"A remote user that can conduct a man-in-the-middle attack can exploit a\n timing vulnerability in its ECDSA signature algorithm to cause the target system to disclose private keys.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i and 1.1.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_xref(name:\"URL\", value:\"https://www.securitytracker.com/id/1041986\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n 
exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108483", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108483\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n script_xref(name:\"URL\", value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n 
script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108484", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108484\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n 
script_xref(name:\"URL\", value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112411", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112411\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", 
install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112410", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112410\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. 
An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", 
install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:07:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "CVE-2018-0735\nSamuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\nsignature generation, which might leak information to recover the\nprivate key.\n\nCVE-2018-5407\nAlejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\nPereida Garcia and Nicola Tuveri reported a vulnerability to a\ntiming side channel attack, which might be used to recover the\nprivate key.", "modified": "2020-01-29T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310891586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891586", "type": "openvas", "title": "Debian LTS: Security Advisory for openssl (DLA-1586-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891586\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-0735\", \"CVE-2018-5407\");\n script_name(\"Debian LTS: Security Advisory for openssl (DLA-1586-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 00:00:00 +0100 (Thu, 22 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2018-0735\nSamuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\nsignature generation, which might leak information to recover the\nprivate key.\n\nCVE-2018-5407\nAlejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\nPereida Garcia and Nicola Tuveri reported a vulnerability 
to a\ntiming side channel attack, which might be used to recover the\nprivate key.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-04T18:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "description": "Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.", "modified": "2019-07-04T00:00:00", "published": "2018-11-30T00:00:00", "id": "OPENVAS:1361412562310704348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704348", "type": "openvas", "title": "Debian Security Advisory DSA 4348-1 (openssl - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4348-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH 
http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704348\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-0732\", \"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-0737\", \"CVE-2018-5407\");\n script_name(\"Debian Security Advisory DSA 4348-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-30 00:00:00 +0100 (Fri, 30 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4348.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/openssl\");\n script_tag(name:\"summary\", value:\"Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "The remote host is missing an update for the 'openssl-1_1' package(s) announced via the openSUSE-SU-2018:3890-1 advisory.", "modified": "2020-01-31T00:00:00", "published": "2018-11-26T00:00:00", "id": "OPENVAS:1361412562310852145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852145", "type": "openvas", "title": "openSUSE: Security Advisory for openssl-1_1 
(openSUSE-SU-2018:3890-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852145\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-26 15:08:57 +0100 (Mon, 26 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:3890-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3890-1\");\n script_xref(name:\"URL\", 
value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl-1_1'\n package(s) announced via the openSUSE-SU-2018:3890-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: timing vulnerability in DSA signature generation\n (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature generation\n (bsc#1113651).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1465=1\");\n\n script_tag(name:\"affected\", value:\"openssl-1_1 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel\", rpm:\"libopenssl-1_1-devel~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1\", rpm:\"libopenssl1_1~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-debuginfo\", rpm:\"libopenssl1_1-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac\", rpm:\"libopenssl1_1-hmac~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1\", rpm:\"openssl-1_1~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debuginfo\", rpm:\"openssl-1_1-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debugsource\", rpm:\"openssl-1_1-debugsource~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-doc\", rpm:\"openssl-1_1-doc~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel-32bit\", rpm:\"libopenssl-1_1-devel-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit\", rpm:\"libopenssl1_1-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit-debuginfo\", rpm:\"libopenssl1_1-32bit-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac-32bit\", rpm:\"libopenssl1_1-hmac-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This host is running Nessus and is prone to\n multiple vulnerabilities.", "modified": "2019-05-03T00:00:00", "published": "2019-01-09T00:00:00", "id": "OPENVAS:1361412562310107443", 
"href": "http://plugins.openvas.org/nasl.php?oid=1361412562310107443", "type": "openvas", "title": "Tenable Nessus < 8.1.1 Multiple Vulnerabilities (tns-2018-16)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:tenable:nessus\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.107443\");\n script_version(\"2019-05-03T08:55:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 08:55:39 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-09 12:18:54 +0100 (Wed, 09 Jan 2019)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Tenable Nessus < 8.1.1 Multiple Vulnerabilities (tns-2018-16)\");\n\n script_tag(name:\"summary\", value:\"This host is running Nessus and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target 
host.\");\n\n script_tag(name:\"insight\", value:\"Tenable Nessus is affected by multiple vulnerabilities:\n\n - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's DSA signature algorithm that renders it vulnerable to a timing side channel attack.\n\n - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library on Simultaneous Multithreading (SMT) architectures which renders it vulnerable to side-channel leakage. This issue is known as 'PortSmash'.\");\n script_tag(name:\"impact\", value:\"Successful exploitation may allow remote\n attackers to recover the private key. They could possibly use this issue to perform a timing side-channel attack and recover private keys.\");\n\n script_tag(name:\"affected\", value:\"Nessus versions prior to version 8.1.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Nessus version 8.1.1 or later. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com\");\n script_xref(name:\"URL\", value:\"https://www.tenable.com/security/tns-2018-16\");\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_nessus_web_server_detect.nasl\");\n script_mandatory_keys(\"nessus/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!nesPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:nesPort, exit_no_version:TRUE)) exit(0);\n\nnesVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version: nesVer, test_version: \"8.0.0\", test_version2: \"8.1.0\"))\n{\n report = report_fixed_ver(installed_version:nesVer, fixed_version:\"8.1.1\", install_path:path);\n security_message(data:report, port:nesPort);\n 
exit(0);\n}\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "symantec": [{"lastseen": "2020-01-06T12:24:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734"], "description": "### Description\n\nOpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.\n\n### Technologies Affected\n\n * Bluecoat BCAAA 6.1 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM DataPower Gateway 2018.4.1.0 \n * IBM DataPower Gateway 2018.4.1.2 \n * IBM DataPower Gateway 2018.4.1.5 \n * IBM DataPower Gateway 2018.4.1.6 \n * IBM DataPower Gateway 2018.4.1.8 \n * IBM DataPower Gateway 7.6.0.0 \n * IBM DataPower Gateway 7.6.0.10 \n * IBM DataPower Gateway 7.6.0.11 \n * IBM DataPower Gateway 7.6.0.12 \n * IBM DataPower Gateway 7.6.0.14 \n * IBM DataPower Gateway 7.6.0.15 \n * IBM DataPower Gateway 7.6.0.17 \n * IBM DataPower Gateway 7.6.0.3 \n * IBM DataPower Gateway 7.6.0.8 \n * IBM DataPower Gateway 7.6.0.9 \n * IBM DataPower Gateways 7.6.0.0 \n * IBM DataPower Gateways 7.6.0.1 \n * IBM DataPower Gateways 7.6.0.5 \n * IBM DataPower Gateways 7.6.0.6 \n * IBM DataPower Gateways 7.6.0.8 \n * IBM Vios 2.2.0 \n * IBM Vios 2.2.0.10 \n * IBM Vios 2.2.0.11 \n * IBM Vios 2.2.0.12 \n * IBM Vios 2.2.0.13 \n * IBM Vios 2.2.1.0 \n * IBM Vios 2.2.1.1 \n * IBM Vios 2.2.1.3 \n * IBM Vios 2.2.1.4 \n * IBM Vios 2.2.1.8 \n * IBM Vios 2.2.1.9 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.4 \n * IBM Vios 2.2.2.5 \n * IBM Vios 2.2.2.6 \n * IBM Vios 2.2.3 \n * IBM Vios 2.2.3.0 \n * IBM Vios 2.2.3.2 \n * IBM Vios 2.2.3.3 \n * IBM Vios 2.2.3.4 \n * IBM Vios 2.2.3.50 \n * IBM Vios 2.2.4.0 \n * OpenSSL Project OpenSSL 1.0.2 \n * OpenSSL Project OpenSSL 1.0.2 Beta1 \n * OpenSSL Project OpenSSL 1.0.2-1.0.2o \n * OpenSSL Project OpenSSL 1.0.2a \n * OpenSSL Project OpenSSL 1.0.2b \n * OpenSSL Project OpenSSL 1.0.2c \n * OpenSSL Project OpenSSL 
1.0.2d \n * OpenSSL Project OpenSSL 1.0.2e \n * OpenSSL Project OpenSSL 1.0.2f \n * OpenSSL Project OpenSSL 1.0.2g \n * OpenSSL Project OpenSSL 1.0.2h \n * OpenSSL Project OpenSSL 1.0.2i \n * OpenSSL Project OpenSSL 1.0.2j \n * OpenSSL Project OpenSSL 1.0.2k \n * OpenSSL Project OpenSSL 1.0.2l \n * OpenSSL Project OpenSSL 1.0.2l-git \n * OpenSSL Project OpenSSL 1.0.2m \n * OpenSSL Project OpenSSL 1.0.2n \n * OpenSSL Project OpenSSL 1.0.2o \n * OpenSSL Project OpenSSL 1.0.2p \n * OpenSSL Project OpenSSL 1.0.2p-dev \n * OpenSSL Project OpenSSL 1.1.0 \n * OpenSSL Project OpenSSL 1.1.0a \n * OpenSSL Project OpenSSL 1.1.0b \n * OpenSSL Project OpenSSL 1.1.0c \n * OpenSSL Project OpenSSL 1.1.0d \n * OpenSSL Project OpenSSL 1.1.0e \n * OpenSSL Project OpenSSL 1.1.0f \n * OpenSSL Project OpenSSL 1.1.0g \n * OpenSSL Project OpenSSL 1.1.0h \n * OpenSSL Project OpenSSL 1.1.0i \n * OpenSSL Project OpenSSL 1.1.1 \n * Oracle API Gateway 11.1.2.4.0 \n * Oracle E-Business Suite 0.9.8 \n * Oracle E-Business Suite 1.0.0 \n * Oracle E-Business Suite 1.0.1 \n * Oracle Endeca Server 7.7.0 \n * Oracle Enterprise Manager Base Platform 12.1.0.5.0 \n * Oracle Enterprise Manager Base Platform 13.2.0.0.0 \n * Oracle Enterprise Manager Base Platform 13.3.0.0.0 \n * Oracle Enterprise Manager Ops Center 12.3.3 \n * Oracle MySQL Enterprise Backup 3.10.0 \n * Oracle MySQL Enterprise Backup 3.10.1 \n * Oracle MySQL Enterprise Backup 3.12.2 \n * Oracle MySQL Enterprise Backup 3.12.3 \n * Oracle MySQL Enterprise Backup 4.0.1 \n * Oracle MySQL Enterprise Backup 4.0.3 \n * Oracle MySQL Enterprise Backup 4.1.2 \n * Oracle MySQL Server 5.6.15 \n * Oracle MySQL Server 5.6.16 \n * Oracle MySQL Server 5.6.20 \n * Oracle MySQL Server 5.6.21 \n * Oracle MySQL Server 5.6.22 \n * Oracle MySQL Server 5.6.23 \n * Oracle MySQL Server 5.6.24 \n * Oracle MySQL Server 5.6.25 \n * Oracle MySQL Server 5.6.26 \n * Oracle MySQL Server 5.6.27 \n * Oracle MySQL Server 5.6.28 \n * Oracle MySQL Server 5.6.29 \n * Oracle 
MySQL Server 5.6.30 \n * Oracle MySQL Server 5.6.33 \n * Oracle MySQL Server 5.6.34 \n * Oracle MySQL Server 5.6.35 \n * Oracle MySQL Server 5.6.36 \n * Oracle MySQL Server 5.6.37 \n * Oracle MySQL Server 5.6.38 \n * Oracle MySQL Server 5.6.39 \n * Oracle MySQL Server 5.6.40 \n * Oracle MySQL Server 5.6.41 \n * Oracle MySQL Server 5.6.42 \n * Oracle MySQL Server 5.7.0 \n * Oracle MySQL Server 5.7.12 \n * Oracle MySQL Server 5.7.15 \n * Oracle MySQL Server 5.7.16 \n * Oracle MySQL Server 5.7.17 \n * Oracle MySQL Server 5.7.18 \n * Oracle MySQL Server 5.7.19 \n * Oracle MySQL Server 5.7.20 \n * Oracle MySQL Server 5.7.21 \n * Oracle MySQL Server 5.7.22 \n * Oracle MySQL Server 5.7.23 \n * Oracle MySQL Server 5.7.24 \n * Oracle MySQL Server 8.0.11 \n * Oracle MySQL Server 8.0.12 \n * Oracle MySQL Server 8.0.13 \n * Oracle PeopleSoft Enterprise PeopleTools 8.55 \n * Oracle PeopleSoft Enterprise PeopleTools 8.56 \n * Oracle PeopleSoft Enterprise PeopleTools 8.57 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.7 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 \n * Oracle Solaris 10 \n * Oracle Solaris 11.3 \n * Oracle Solaris 11.4 \n * Oracle Tuxedo 12.1.1.0.0 \n * Oracle VM VirtualBox 1.6 \n * Oracle VM VirtualBox 1.6.0 \n * Oracle VM VirtualBox 1.6.2 \n * Oracle VM VirtualBox 1.6.4 \n * Oracle VM VirtualBox 1.6.6 \n * Oracle VM VirtualBox 2.0.0 \n * Oracle VM VirtualBox 2.0.10 \n * Oracle VM VirtualBox 2.0.12 \n * Oracle VM VirtualBox 2.0.2 \n * Oracle VM VirtualBox 2.0.4 \n * Oracle VM VirtualBox 2.0.6 \n * Oracle 
VM VirtualBox 2.0.8 \n * Oracle VM VirtualBox 2.1.0 \n * Oracle VM VirtualBox 2.1.2 \n * Oracle VM VirtualBox 2.1.4 \n * Oracle VM VirtualBox 2.2 \n * Oracle VM VirtualBox 2.2.0 \n * Oracle VM VirtualBox 2.2.2 \n * Oracle VM VirtualBox 2.2.4 \n * Oracle VM VirtualBox 3.0 \n * Oracle VM VirtualBox 3.0.0 \n * Oracle VM VirtualBox 3.0.10 \n * Oracle VM VirtualBox 3.0.12 \n * Oracle VM VirtualBox 3.0.14 \n * Oracle VM VirtualBox 3.0.2 \n * Oracle VM VirtualBox 3.0.4 \n * Oracle VM VirtualBox 3.0.6 \n * Oracle VM VirtualBox 3.0.8 \n * Oracle VM VirtualBox 3.1 \n * Oracle VM VirtualBox 3.1.0 \n * Oracle VM VirtualBox 3.1.2 \n * Oracle VM VirtualBox 3.1.4 \n * Oracle VM VirtualBox 3.1.6 \n * Oracle VM VirtualBox 3.1.8 \n * Oracle VM VirtualBox 3.2 \n * Oracle VM VirtualBox 3.2.0 \n * Oracle VM VirtualBox 3.2.10 \n * Oracle VM VirtualBox 3.2.12 \n * Oracle VM VirtualBox 3.2.14 \n * Oracle VM VirtualBox 3.2.16 \n * Oracle VM VirtualBox 3.2.18 \n * Oracle VM VirtualBox 3.2.19 \n * Oracle VM VirtualBox 3.2.2 \n * Oracle VM VirtualBox 3.2.20 \n * Oracle VM VirtualBox 3.2.21 \n * Oracle VM VirtualBox 3.2.22 \n * Oracle VM VirtualBox 3.2.24 \n * Oracle VM VirtualBox 3.2.25 \n * Oracle VM VirtualBox 3.2.4 \n * Oracle VM VirtualBox 3.2.6 \n * Oracle VM VirtualBox 3.2.8 \n * Oracle VM VirtualBox 3.3 \n * Oracle VM VirtualBox 4.0 \n * Oracle VM VirtualBox 4.0.0 \n * Oracle VM VirtualBox 4.0.10 \n * Oracle VM VirtualBox 4.0.12 \n * Oracle VM VirtualBox 4.0.14 \n * Oracle VM VirtualBox 4.0.16 \n * Oracle VM VirtualBox 4.0.18 \n * Oracle VM VirtualBox 4.0.2 \n * Oracle VM VirtualBox 4.0.20 \n * Oracle VM VirtualBox 4.0.21 \n * Oracle VM VirtualBox 4.0.22 \n * Oracle VM VirtualBox 4.0.23 \n * Oracle VM VirtualBox 4.0.24 \n * Oracle VM VirtualBox 4.0.26 \n * Oracle VM VirtualBox 4.0.27 \n * Oracle VM VirtualBox 4.0.30 \n * Oracle VM VirtualBox 4.0.34 \n * Oracle VM VirtualBox 4.0.35 \n * Oracle VM VirtualBox 4.0.36 \n * Oracle VM VirtualBox 4.0.4 \n * Oracle VM VirtualBox 4.0.6 \n * 
Oracle VM VirtualBox 4.0.8 \n * Oracle VM VirtualBox 4.1 \n * Oracle VM VirtualBox 4.1.0 \n * Oracle VM VirtualBox 4.1.10 \n * Oracle VM VirtualBox 4.1.14 \n * Oracle VM VirtualBox 4.1.16 \n * Oracle VM VirtualBox 4.1.18 \n * Oracle VM VirtualBox 4.1.2 \n * Oracle VM VirtualBox 4.1.20 \n * Oracle VM VirtualBox 4.1.22 \n * Oracle VM VirtualBox 4.1.24 \n * Oracle VM VirtualBox 4.1.26 \n * Oracle VM VirtualBox 4.1.28 \n * Oracle VM VirtualBox 4.1.29 \n * Oracle VM VirtualBox 4.1.30 \n * Oracle VM VirtualBox 4.1.31 \n * Oracle VM VirtualBox 4.1.32 \n * Oracle VM VirtualBox 4.1.34 \n * Oracle VM VirtualBox 4.1.35 \n * Oracle VM VirtualBox 4.1.38 \n * Oracle VM VirtualBox 4.1.4 \n * Oracle VM VirtualBox 4.1.42 \n * Oracle VM VirtualBox 4.1.43 \n * Oracle VM VirtualBox 4.1.44 \n * Oracle VM VirtualBox 4.1.6 \n * Oracle VM VirtualBox 4.1.8 \n * Oracle VM VirtualBox 4.2 \n * Oracle VM VirtualBox 4.2.0 \n * Oracle VM VirtualBox 4.2.10 \n * Oracle VM VirtualBox 4.2.12 \n * Oracle VM VirtualBox 4.2.14 \n * Oracle VM VirtualBox 4.2.16 \n * Oracle VM VirtualBox 4.2.18 \n * Oracle VM VirtualBox 4.2.19 \n * Oracle VM VirtualBox 4.2.2 \n * Oracle VM VirtualBox 4.2.20 \n * Oracle VM VirtualBox 4.2.22 \n * Oracle VM VirtualBox 4.2.23 \n * Oracle VM VirtualBox 4.2.24 \n * Oracle VM VirtualBox 4.2.26 \n * Oracle VM VirtualBox 4.2.27 \n * Oracle VM VirtualBox 4.2.30 \n * Oracle VM VirtualBox 4.2.34 \n * Oracle VM VirtualBox 4.2.35 \n * Oracle VM VirtualBox 4.2.36 \n * Oracle VM VirtualBox 4.2.4 \n * Oracle VM VirtualBox 4.2.6 \n * Oracle VM VirtualBox 4.2.8 \n * Oracle VM VirtualBox 4.3 \n * Oracle VM VirtualBox 4.3.0 \n * Oracle VM VirtualBox 4.3.10 \n * Oracle VM VirtualBox 4.3.12 \n * Oracle VM VirtualBox 4.3.14 \n * Oracle VM VirtualBox 4.3.15 \n * Oracle VM VirtualBox 4.3.16 \n * Oracle VM VirtualBox 4.3.17 \n * Oracle VM VirtualBox 4.3.18 \n * Oracle VM VirtualBox 4.3.19 \n * Oracle VM VirtualBox 4.3.2 \n * Oracle VM VirtualBox 4.3.20 \n * Oracle VM VirtualBox 4.3.26 \n * Oracle 
VM VirtualBox 4.3.32 \n * Oracle VM VirtualBox 4.3.33 \n * Oracle VM VirtualBox 4.3.34 \n * Oracle VM VirtualBox 4.3.35 \n * Oracle VM VirtualBox 4.3.36 \n * Oracle VM VirtualBox 4.3.4 \n * Oracle VM VirtualBox 4.3.5 \n * Oracle VM VirtualBox 4.3.6 \n * Oracle VM VirtualBox 4.3.7 \n * Oracle VM VirtualBox 4.3.8 \n * Oracle VM VirtualBox 4.3.9 \n * Oracle VM VirtualBox 5.0 \n * Oracle VM VirtualBox 5.0.10 \n * Oracle VM VirtualBox 5.0.11 \n * Oracle VM VirtualBox 5.0.12 \n * Oracle VM VirtualBox 5.0.13 \n * Oracle VM VirtualBox 5.0.14 \n * Oracle VM VirtualBox 5.0.16 \n * Oracle VM VirtualBox 5.0.18 \n * Oracle VM VirtualBox 5.0.22 \n * Oracle VM VirtualBox 5.0.26 \n * Oracle VM VirtualBox 5.0.28 \n * Oracle VM VirtualBox 5.0.32 \n * Oracle VM VirtualBox 5.0.34 \n * Oracle VM VirtualBox 5.0.38 \n * Oracle VM VirtualBox 5.0.8 \n * Oracle VM VirtualBox 5.0.9 \n * Oracle VM VirtualBox 5.1.10 \n * Oracle VM VirtualBox 5.1.14 \n * Oracle VM VirtualBox 5.1.16 \n * Oracle VM VirtualBox 5.1.20 \n * Oracle VM VirtualBox 5.1.24 \n * Oracle VM VirtualBox 5.1.30 \n * Oracle VM VirtualBox 5.1.32 \n * Oracle VM VirtualBox 5.1.36 \n * Oracle VM VirtualBox 5.1.8 \n * Oracle VM VirtualBox 5.2.0 \n * Oracle VM VirtualBox 5.2.10 \n * Oracle VM VirtualBox 5.2.16 \n * Oracle VM VirtualBox 5.2.18 \n * Oracle VM VirtualBox 5.2.2 \n * Oracle VM VirtualBox 5.2.20 \n * Oracle VM VirtualBox 5.2.22 \n * Oracle VM VirtualBox 5.2.4 \n * Oracle VM VirtualBox 5.2.6 \n * Symantec Director 6.1 \n * Symantec PacketShaper 9.2 \n * Symantec PolicyCenter 9.2 \n * Symantec Security Analytics 7.2 \n * Symantec Security Analytics 7.3 \n * Symantec Security Analytics 8.0 \n * Symantec Web Isolation 1.12 \n * Tenable Nessus 1.0.1 \n * Tenable Nessus 3.0.3 \n * Tenable Nessus 4.0 \n * Tenable Nessus 4.4.1 \n * Tenable Nessus 5.0.2.23205 \n * Tenable Nessus 5.2.3 \n * Tenable Nessus 5.2.4 \n * Tenable Nessus 5.2.7 \n * Tenable Nessus 6.0.0 \n * Tenable Nessus 6.0.1 \n * Tenable Nessus 6.0.2 \n * Tenable Nessus 
6.1.0 \n * Tenable Nessus 6.1.1 \n * Tenable Nessus 6.1.2 \n * Tenable Nessus 6.2.0 \n * Tenable Nessus 6.2.1 \n * Tenable Nessus 6.3.0 \n * Tenable Nessus 6.3.1 \n * Tenable Nessus 6.3.2 \n * Tenable Nessus 6.3.3 \n * Tenable Nessus 6.3.4 \n * Tenable Nessus 6.3.5 \n * Tenable Nessus 6.3.6 \n * Tenable Nessus 6.3.7 \n * Tenable Nessus 6.4.0 \n * Tenable Nessus 6.4.1 \n * Tenable Nessus 6.4.2 \n * Tenable Nessus 6.4.3 \n * Tenable Nessus 6.5.0 \n * Tenable Nessus 6.5.1 \n * Tenable Nessus 6.5.2 \n * Tenable Nessus 6.5.3 \n * Tenable Nessus 6.5.4 \n * Tenable Nessus 6.5.5 \n * Tenable Nessus 6.5.6 \n * Tenable Nessus 6.6.0 \n * Tenable Nessus 6.6.1 \n * Tenable Nessus 6.6.2 \n * Tenable Nessus 6.7.0 \n * Tenable Nessus 6.8.0 \n * Tenable Nessus 6.9.0 \n * Tenable Nessus 6.9.1 \n * Tenable Nessus 6.9.2 \n * Tenable Nessus 6.9.3 \n * Tenable Nessus 7.0 \n * Tenable Nessus 7.1.0 \n * Tenable Nessus 7.1.1 \n * Tenable Nessus 7.1.2 \n * Tenable Nessus 7.1.3 \n * Tenable Nessus 7.2.0 \n * Tenable Nessus 7.2.1 \n * Tenable Nessus 7.2.2 \n * Tenable Nessus 8.0.0 \n * Tenable Nessus 8.1.0 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "SMNTC-105758", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105758", "type": "symantec", "title": "OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-24T10:39:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL configuration and executable engine modules.\n\n \n\n### AFFECTED PRODUCTS\n\nBCAAA \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1552, \nCVE-2019-1559 | 6.1 (only when Novell SSO realm is used) | A fix will not be provided. The vulnerable OpenSSL library is in the Novell SSO SDK and an updated Novell SSO SDK is no longer available. Please contact Novell for more information. \n \n \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2019-1559 | 2.3, 2.4, 3.0, 3.1 | Not available at this time \nCVE-2018-5407 | 2.3, 2.4, 3.0 | Not available at this time \n3.1 | Not vulnerable, fixed in 3.1.0.0. \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1552 | 6.1 | Upgrade to a version of MC with the fixes. 
\n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2018-5407, \nCVE-2019-1559 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5407, CVE-2019-1559 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 2.2 | Upgrade to a later version with fixes. \n2.3 | Upgrade to 2.3.3.1. \n2.4 and later | Not vulnerable, fixed \n \n \n\nPacketShaper (PS) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PacketShaper S-Series with fixes. \n \n \n\nPacketShaper (PS) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPolicyCenter (PC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PolicyCenter S-Series with fixes. \n \n \n\nPolicyCenter (PC) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 10.3, 10.4 | Upgrade to a later version with fixes. 
\n10.5 | Not available at this time \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1559 | 7.2, 8.1, 8.2 | Not available at this time \n7.3, 8.0 | Upgrade to later version with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407 | 1.12 | Upgrade to 1.12.13+250. \n1.13 and later | Not vulnerable, fixed. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe following products are not vulnerable: \n**AuthConnector \nCDP for Salesforce \nCDP for ServiceNow \nCDP for Oracle CRM on Demand \nCDP Communication Server \nCDP Integration Server \nGeneral Auth Connector Login Application \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nSymantec HSM Agent for the Luna SP \nUnified Agent \nWSS Agent \nWSS Mobile Agent**\n\nThe following products are under investigation: \n**Advanced Secure Gateway \nCacheFlow \nSSL Visibility \nX-Series XOS**\n\n \n\n### ISSUES\n\nCVE-2018-0734 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105758](<https://www.securityfocus.com/bid/105758>) / NVD: [CVE-2018-0734](<https://nvd.nist.gov/vuln/detail/CVE-2018-0734>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the DSA signature algorithm implementation allows an attacker to recover DSA private keys. \n \n \n\nCVE-2018-0735 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105750](<https://www.securityfocus.com/bid/105750>) / NVD: [CVE-2018-0735](<https://nvd.nist.gov/vuln/detail/CVE-2018-0735>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the ECDSA signature algorithm implementation allows an attacker to recover ECDSA private keys. 
\n \n \n\nCVE-2018-5407 \n--- \n**Severity / CVSSv3** | Medium / 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105897](<https://www.securityfocus.com/bid/105897>) / NVD: [CVE-2018-5407](<https://nvd.nist.gov/vuln/detail/CVE-2018-5407>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in ECC scalar multiplication, used in ECDSA and ECDH signatures, allows a local attacker to recover ECDSA or ECDH private keys. \n \n \n\nCVE-2019-1543 \n--- \n**Severity / CVSSv3** | High / 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n**References** | SecurityFocus: [BID 107349](<https://www.securityfocus.com/bid/107349>) / NVD: [CVE-2019-1543](<https://nvd.nist.gov/vuln/detail/CVE-2019-1543>) \n**Impact** | Unspecified \n**Description** | An insufficient cryptographic parameter validation fault in the ChaCha20-Poly1305 cipher implementation allows an attacker to compromise data confidentiality and integrity through unspecified vectors. \n \n \n\nCVE-2019-1552 \n--- \n**Severity / CVSSv3** | Low / 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n**References** | SecurityFocus: [BID 109443](<https://www.securityfocus.com/bid/109443>) / NVD: [CVE-2019-1552](<https://nvd.nist.gov/vuln/detail/CVE-2019-1552>) \n**Impact** | Unauthorized modification of configuration and executable code \n**Description** | A fault in configuration file specification allows a local attacker to insert malicious CA certificates and modify OpenSSL configuration and executable engine modules. \n \n \n\nCVE-2019-1559 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 107174](<https://www.securityfocus.com/bid/107174>) / NVD: [CVE-2019-1559](<https://nvd.nist.gov/vuln/detail/CVE-2019-1559>) \n**Impact** | Information disclosure \n**Description** | A padding oracle fault in the SSL library allows a remote attacker to decrypt data encrypted inside the SSL tunnel. 
\n \n \n\n### REFERENCES \n\nOpenSSL Security Advisory [29 October 2018] - <https://www.openssl.org/news/secadv/20181029.txt> \nOpenSSL Security Advisory [30 October 2018] - <https://www.openssl.org/news/secadv/20181030.txt> \nOpenSSL Security Advisory [12 November 2018] - <https://www.openssl.org/news/secadv/20181112.txt> \nOpenSSL Security Advisory [26 February 2019] - <https://www.openssl.org/news/secadv/20190226.txt> \nOpenSSL Security Advisory [6 March 2019] - <https://www.openssl.org/news/secadv/20190306.txt> \nOpenSSL Security Advisory [30 July 2019] - <https://www.openssl.org/news/secadv/20190730.txt> \n \n\n### REVISION \n\n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable to CVE-2018-0735 and CVE-2019-1559. Content Analysis 3.1 is not vulnerable to CVE-2018-5407 because a fix is available in 3.1.0.0. \n2020-04-05 Content Analysis 3.0 is vulnerable to CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. Reporter 10.5 is vulnerable to CVE-2019-1559. Fixes will not be provided for Management Center 2.2 and Reporter 10.3. Please upgrade to a later version with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-0734, CVE-2018-5407, and CVE-2019-1559. \n2020-04-04 PacketShaper S-Series and PolicyCenter S-Series are vulnerable to CVE-2018-0734, CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. 
A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-26 MC 2.4 is not vulnerable because a fix is available in 2.4.1.1. \n2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes. \n2019-10-10 A fix for PacketShaper 9.2 will not be provided. Please upgrade to a version of PacketShaper S-Series with the vulnerability fixes. A fix for PolicyCenter 9.2 will not be provided. Please upgrade to a version of PolicyCenter S-Series with the vulnerability fixes. \n2019-10-07 WI 1.13 is not vulnerable. \n2019-10-04 A fix for MC 2.3 is available in 2.3.3.1. \n2019-09-09 Added SecurityFocus BID for CVE-2019-1552. \n2019-09-05 initial public release\n", "modified": "2020-12-21T21:21:54", "published": "2019-09-05T08:00:00", "id": "SMNTC-1490", "href": "", "type": "symantec", "title": "OpenSSL Vulnerabilities Oct 2018 - Jul 2019", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-08-19T21:14:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-4754", "href": "http://linux.oracle.com/errata/ELSA-2019-4754.html", "title": "openssl security 
update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-14T08:39:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2304", "href": "http://linux.oracle.com/errata/ELSA-2019-2304.html", "title": "openssl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-21T23:24:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2019-1543", "CVE-2018-0735"], "description": "[1.1.1c-2]\n- do not try to use EC groups disallowed in FIPS mode\n in TLS\n- fix Valgrind regression with constant-time code\n[1.1.1c-1]\n- update to the 1.1.1c release\n[1.1.1b-6]\n- adjust the default cert pbe algorithm for pkcs12 -export\n in the FIPS mode\n[1.1.1b-5]\n- Fix small regressions related to the rebase\n[1.1.1b-3]\n- FIPS compliance fixes\n[1.1.1b-1]\n- update to the 1.1.1b release\n- EVP_KDF API backport from master\n- SSH KDF implementation for EVP_KDF API backport from master\n- add S390x chacha20-poly1305 assembler support from master branch", "edition": 1, "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "ELSA-2019-3700", "href": "http://linux.oracle.com/errata/ELSA-2019-3700.html", "title": "openssl security, bug fix, and 
enhancement update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2020-12-24T07:30:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0735", "CVE-2018-5407"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)", "modified": "2020-12-24T11:35:39", "published": "2019-03-12T12:21:31", "id": "RHSA-2019:0483", "href": "https://access.redhat.com/errata/RHSA-2019:0483", "type": "redhat", "title": "(RHSA-2019:0483) Moderate: openssl security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-05T23:04:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2019-1543"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThe following packages have been upgraded to a later upstream version: openssl (1.1.1c). 
 (BZ#1643026)\n\nSecurity Fix(es):\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\n* openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735)\n\n* openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T02:45:54", "published": "2019-11-06T01:52:19", "id": "RHSA-2019:3700", "href": "https://access.redhat.com/errata/RHSA-2019:3700", "type": "redhat", "title": "(RHSA-2019:3700) Low: openssl security, bug fix, and enhancement update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:58:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "Package : openssl\nVersion : 1.0.1t-1+deb8u10\nCVE ID : CVE-2018-0735 CVE-2018-5407\n\n\nCVE-2018-0735\n Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\n signature generation, which might leak information to recover the\n private key.\n\nCVE-2018-5407\n Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\n Pereida Garcia and Nicola Tuveri reported a vulnerability to a\n timing side channel attack, which might be used to recover the\n private key.\n\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-11-21T21:45:41", "published": "2018-11-21T21:45:41", 
"id": "DEBIAN:DLA-1586-1:00096", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00024.html", "title": "[SECURITY] [DLA 1586-1] openssl security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-15T01:11:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4348-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 \n CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. 
Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 16, "modified": "2018-11-30T22:26:35", "published": "2018-11-30T22:26:35", "id": "DEBIAN:DSA-4348-1:05673", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00280.html", "title": "[SECURITY] [DSA 4348-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-26T13:05:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4355-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 19, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl1.0\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2q-1~deb9u1. 
Going forward, openssl1.0 security updates for\nstretch will be based on the 1.0.2x upstream releases.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 19, "modified": "2018-12-19T22:30:16", "published": "2018-12-19T22:30:16", "id": "DEBIAN:DSA-4355-1:1415E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00287.html", "title": "[SECURITY] [DSA 4355-1] openssl1.0 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-12-24T10:32:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0483\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-March/035257.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\n", "edition": 5, "modified": 
"2019-03-19T14:32:25", "published": "2019-03-19T14:32:25", "id": "CESA-2019:0483", "href": "http://lists.centos.org/pipermail/centos-announce/2019-March/035257.html", "title": "openssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "\nThe OpenSSL project reports:\n\nTiming vulnerability in ECDSA signature generation\n\t (CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been\n\t shown to be vulnerable to a timing side channel attack. An\n\t attacker could use variations in the signing algorithm to\n\t recover the private key (Low).\nTiming vulnerability in DSA signature generation (CVE-2018-0734):\n\t Avoid a timing attack that leaks information via a side channel\n\t that triggers when a BN is resized. Increasing the size of the\n\t BNs prior to doing anything with them suppresses the attack (Low).\n\t \n\n", "edition": 5, "modified": "2018-11-10T00:00:00", "published": "2018-10-29T00:00:00", "id": "238AE7DE-DBA2-11E8-B713-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html", "title": "OpenSSL -- Multiple vulnerabilities in 1.1 branch", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:31:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-0735", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "\nNode.js reports:\n\nUpdates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. 
They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\nWe recommend that all Node.js users upgrade to a version listed below as soon as possible.\nDebugger port 5858 listens on any interface by default (CVE-2018-12120)\nAll versions of Node.js 6 are vulnerable and the severity is HIGH. When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as node --debug=localhost. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.\nDenial of Service with large HTTP headers (CVE-2018-12121)\nAll versions of 6 and later are vulnerable and the severity is HIGH. By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nThe total size of HTTP headers received by Node.js now must not exceed 8192 bytes.\n\"Slowloris\" HTTP Denial of Service (CVE-2018-12122)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nA timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. 
 In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service.\nHostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.\nHTTP request splitting (CVE-2018-12116)\nNode.js 6 and 8 are vulnerable and the severity is MEDIUM. If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server.\nOpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735)\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734)\nThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side-channel attack. 
An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.\n\n", "edition": 5, "modified": "2018-11-27T00:00:00", "published": "2018-11-27T00:00:00", "id": "2A86F45A-FC3C-11E8-A414-00155D006B02", "href": "https://vuxml.freebsd.org/freebsd/2a86f45a-fc3c-11e8-a414-00155d006b02.html", "title": "node.js -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2018-11-24T21:04:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-0735: timing vulnerability in ECDSA signature generation\n (bsc#1113651).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-11-24T18:11:36", "published": "2018-11-24T18:11:36", "id": "OPENSUSE-SU-2018:3890-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00043.html", "title": "Security update for openssl-1_1 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-24T21:04:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - Add missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n\n Non-security issues fixed:\n\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": 
"2018-11-24T18:18:01", "published": "2018-11-24T18:18:01", "id": "OPENSUSE-SU-2018:3903-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00046.html", "title": "Security update for openssl (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-08T17:30:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl-1_0_0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack\n defenses that fixes "PortSmash" (bsc#1113534).\n\n Non-security issues fixed:\n\n - Added missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n - Set TLS version to 0 in msg_callback for record messages to avoid\n confusing applications (bsc#1100078).\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-08T15:08:25", "published": "2018-12-08T15:08:25", "id": "OPENSUSE-SU-2018:4050-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00018.html", "title": "Security update for openssl-1_0_0 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-13T05:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2016-8610"], "description": "This update for compat-openssl098 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - CVE-2016-8610: Adjusted current fix and add missing error string\n (bsc#1110018).\n - Fixed the "One and Done" side-channel attack on RSA 
(bsc#1104789).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-12-13T03:13:21", "published": "2018-12-13T03:13:21", "id": "OPENSUSE-SU-2018:4104-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00026.html", "title": "Security update for compat-openssl098 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "Arch Linux Security Advisory ASA-201812-6\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-0735\nPackage : lib32-openssl\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-793\n\nSummary\n=======\n\nThe package lib32-openssl before version 1:1.1.1.a-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1:1.1.1.a-1.\n\n# pacman -Syu \"lib32-openssl>=1:1.1.1.a-1\"\n\nThe problems have been fixed upstream in version 1.1.1.a.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-0735 (private key recovery)\n\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack in openssl versions prior to 1.1.1a. 
An\nattacker could use variations in the signing algorithm to recover the\nprivate key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private ECDSA or DSA key\nvia a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181029.txt\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-0735", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-6", "href": "https://security.archlinux.org/ASA-201812-6", "type": "archlinux", "title": "[ASA-201812-6] lib32-openssl: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "Arch Linux Security Advisory ASA-201812-5\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-0735\nPackage : openssl\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-792\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.a-1 is vulnerable to private\nkey recovery.\n\nResolution\n==========\n\nUpgrade to 1.1.1.a-1.\n\n# pacman -Syu \"openssl>=1.1.1.a-1\"\n\nThe problems have been fixed upstream in version 1.1.1.a.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-0735 (private key recovery)\n\nThe OpenSSL ECDSA signature 
algorithm has been shown to be vulnerable\nto a timing side channel attack in openssl versions prior to 1.1.1a. An\nattacker could use variations in the signing algorithm to recover the\nprivate key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private ECDSA or DSA key\nvia a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181029.txt\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-0735", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-5", "href": "https://security.archlinux.org/ASA-201812-5", "type": "archlinux", "title": "[ASA-201812-5] openssl: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-7\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : lib32-openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-806\n\nSummary\n=======\n\nThe package lib32-openssl-1.0 before version 1.0.2.q-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu \"lib32-openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a 
BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-7", "href": "https://security.archlinux.org/ASA-201812-7", "type": "archlinux", "title": "[ASA-201812-7] lib32-openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-8\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-807\n\nSummary\n=======\n\nThe package openssl-1.0 before version 1.0.2.q-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu 
\"openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-8", "href": "https://security.archlinux.org/ASA-201812-8", "type": "archlinux", "title": "[ASA-201812-8] openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "New openssl packages are available for Slackware 14.2 and -current to\nfix security 
issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n This update fixes a timing side-channel flaw on processors which implement\n SMT/Hyper-Threading architectures, and a side channel attack on DSA\n signature generation that could allow an attacker to recover the private key.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for 
Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 
packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz", "modified": "2018-11-22T06:43:55", "published": "2018-11-22T06:43:55", "id": "SSA-2018-325-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.576913", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Dec 11 09:37:36 CST 2018\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\n\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, \n CVE-2018-5407)\n\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in OpenSSL used by AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n DESCRIPTION: 
OpenSSL could allow a remote attacker to obtain sensitive \n information, caused by a timing side channel attack in the DSA \n signature algorithm. An attacker could exploit this vulnerability \n using variations in the signing algorithm to recover the private key.\n CVSS Base Score: 3.7\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 \n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-5407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n DESCRIPTION: Multiple SMT/Hyper-Threading architectures and \n processors could allow a local attacker to obtain sensitive \n information, caused by execution engine sharing on Simultaneous \n Multithreading (SMT) architecture. By using the PortSmash new \n side-channel attack, an attacker could run a malicious process next \n to legitimate processes using the architectures parallel thread \n running capabilities to leak encrypted data from the CPU's internal \n processes. Note: This vulnerability is known as PortSmash.\n CVSS Base Score: 5.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152484\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY\n ------------------------------------------------------\n openssl.base 1.0.2.500 1.0.2.1600 key_w_fs\n openssl.base 20.13.102.1000 20.16.102.1600 key_w_fs\n\n Note:\n A. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are\n advised to upgrade to currently supported OpenSSL 1.0.2 version.\n\n B. 
Latest level of OpenSSL fileset is available from the web download site:\n https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl\n \n To find out whether the affected filesets are installed on your systems,\n refer to the lslpp command found in the AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n http://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n https://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n Note that the tar file contains Interim fixes that are based on\n OpenSSL version, and AIX OpenSSL fixes are cumulative.\n\n You must be on the 'prereq for installation' level before\n applying the interim fix. 
This may require installing a new\n level(prereq version) first.\n\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 5.3, 6.1, 7.1, 7.2 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix\n 5.3, 6.1, 7.1, 7.2 fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 2.2.x 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix \n 2.2.x fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n\n To extract the fixes from the tar file:\n\n tar xvf openssl_fix29.tar\n cd openssl_fix29\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 4f68017e5ff53cb74e0f6e30fc0410193dd1641e7997a5a9e4bc630d47666eaf 102p_fix.181127.epkg.Z key_w_csum\n 42714d3f644d4b3250314721ae2e32f0680fea264f9b358a50f7fe9c07713b38 fips_102p.181127.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Support at\n https://ibm.com/support/ and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n\n B. FIX AND INTERIM FIX INSTALLATION\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n \n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain 
the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\nftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n\n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734,\n CVE-2018-5407)\n https://www-01.ibm.com/support/docview.wss?uid=ibm10742759\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Dec 11 09:37:36 CST 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will\nultimately impact the Overall CVSS Score. Customers can evaluate the impact\nof this vulnerability in their environments by accessing the links in the\nReference section of this Security Bulletin.\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the\nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard\ndesigned to convey vulnerability severity and help to determine urgency and\npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY\nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT\nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "modified": "2018-12-11T09:37:36", "published": "2018-12-11T09:37:36", "id": "OPENSSL_ADVISORY29.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc", "title": "There are vulnerabilities in OpenSSL used by AIX.", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0495", "CVE-2018-0734", "CVE-2018-0735"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2019-01-18T02:14:55", "published": "2019-01-18T02:14:55", "id": "FEDORA:67D5B602F037", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: openssl-1.1.1a-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openssl": [{"lastseen": "2020-09-14T11:36:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-0735"], "description": " The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Reported by Samuel Weiser. 
\n\n * Fixed in OpenSSL 1.1.1a [(git commit)](<https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4>) (Affected 1.1.1)\n * Fixed in OpenSSL 1.1.0j [(git commit)](<https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1>) (Affected 1.1.0-1.1.0i)\n", "edition": 1, "modified": "2018-10-29T00:00:00", "published": "2018-10-29T00:00:00", "id": "OPENSSL:CVE-2018-0735", "href": "https://www.openssl.org/news/secadv/20181029.txt", "title": "Vulnerability in OpenSSL - Timing vulnerability in ECDSA signature generation ", "type": "openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "hp": [{"lastseen": "2020-10-13T01:01:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-5407"], "description": "## Potential Security Impact\nInformation disclosure.\n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Tampere University of Technology, Finland and Technical University, Cuba \n\n## VULNERABILITY SUMMARY\nAn industry-wide vulnerability has been reported which impacts CPUs that use Simultaneous Multithreading Technology (SMT). The attack consists of running a malicious process in parallel with legitimate processes using the parallel threading capabilities of SMT. The legitimate process leaks small amounts of data to the malicious processes, which could allow an attacker to reconstruct the data that was inside the legitimate process.\n\n## RESOLUTION\nHP worked with industry partners to analyze the researcher\u2019s findings. Software written using safe algorithms to prevent side channel analysis are not vulnerable to the researchers\u2019 methods. 
The firmware shipped on HP platforms is not vulnerable to this issue; there will not be any firmware updates published with this security bulletin.\n\n**Additional Resources:**\n\n[AMD article on PortSmash mitigations__](<https://www.amd.com/en/support/kb/faq/pa-210> \"External site.\" ) (in English) \n", "edition": 2, "modified": "2019-01-07T00:00:00", "published": "2018-11-02T00:00:00", "id": "HP:C06179472", "href": "https://support.hp.com/us-en/document/c06179472", "title": "HPSBHF03597 rev. 3 - PortSmash Side-Channel Vulnerability", "type": "hp", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "tenable": [{"lastseen": "2019-05-29T14:50:10", "bulletinFamily": "info", "cvelist": ["CVE-2018-5407"], "description": "Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. \n \nOut of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues in Nessus. Nessus 8.1.1 updates OpenSSL to version 1.0.2q to address the identified vulnerabilities. 
\n \nNote: The CVSSv2 score used in this advisory reflects CVE-2018-5407, as it is considered the highest risk.", "modified": "2018-12-20T17:47:49", "published": "2018-12-20T17:47:49", "id": "TENABLE:9F24FEB7FE0181ECA052DBF157184E58", "href": "https://www.tenable.com/security/tns-2018-16", "type": "tenable", "title": "[R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "threatpost": [{"lastseen": "2019-05-30T05:52:54", "bulletinFamily": "info", "cvelist": ["CVE-2018-5407"], "description": "Yet another side-channel attack, this time dubbed PortSmash, has been discovered in CPUs.\n\nThe attack allows attackers to manipulate a glitch in the simultaneous multithreading (SMT) architecture used in CPUs \u2014 and siphon processed data from chips.\n\nSeveral attacks have popped up over the past year using a side-channel technique, which is an attack that uses reverse-engineering to glean the information used in different types of processes. That includes systems that use memory caches (which ultimately led to the infamous [Spectre/Meltdown discoveries](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>) at the beginning of the year) or, in this case, systems using SMT.\n\nThe discoverers of the attack \u2013 five researchers from the Technical University of Havana, and the Tampere University of Technology in Finland \u2013 outlined the proof-of-concept exploit in a Github [post](<https://github.com/bbbrumley/portsmash>), Friday.\n\n## PortSmash Breakdown\n\nThe attack exploits a vulnerability, [CVE-2018-5407](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407>), existing in the SMT process in CPUs, which enables chips to run more than one program at the same time. 
It does this by allowing multiple threads to run simultaneously on one core.\n\nResearchers said they could detect and measure delays in port contention, a process that allows multiple instructions in the same processor to be assigned to various ports before they are completed.\n\nIn tracking these delays in instructions that are awaiting completion on the processor core, researchers could work backwards to \u201cexfiltrate information from processes running in parallel on the same physical core,\u201d Billy Brumley, one of the researchers who discovered PortSmash, said in a [notice](<https://seclists.org/oss-sec/2018/q4/123>) about the attack.\n\nAll chips that have SMT (including Intel\u2019s variation of it, called hyperthreading (HT) technology, used by its chip families like Skylake and Kaby Lake) are impacted.\n\nIn a real-world situation, \u201cit has been feared the most likely exploit is going to happen on infrastructure as a service environments, in which cloud provider hosts all the capabilities of an on-premises data center, including the servers, storage and networking hardware, and the virtualization or hypervisor layer,\u201d Sumanth Gangashanaiah, Director of Engineering at ShieldX, told Threatpost. \u201cAn attacker can rent instances in public cloud running malicious work load looking for extraction of the crypto keys to then steal data.\u201d\n\nThe attack can be launched against PCs or servers; and in their proof of concept (PoC) on Github, the five researchers demonstrated how they could use the side-channel attack to steal an OpenSSL private key from a TLS server.\n\nBrumley said that to fix the issue, SMT/hyperthreading needs to be disabled in the BIOS.\n\nThe flaw \u201ccan result in leakage of secret data in applications such as OpenSSL, that has secret dependent control flow at any granularity level,\u201d according to a Friday [advisory](<https://access.redhat.com/security/cve/cve-2018-5407>) by RedHat. 
\u201cIn order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.\u201d\n\nIntel, which was notified Oct. 1 of the attack, said in a statement to Threatpost that it has received notice of the research, but stressed that it is not unique to Intel platforms. AMD did not respond to a request for comment.\n\n\u201cResearch on side-channel analysis methods often focuses on manipulating and measuring the characteristics (e.g. timing) of shared hardware resources,\u201d the Intel spokesperson told us. \u201cSoftware or software libraries can be protected against such issues by employing side-channel-safe development practices. Protecting our customers\u2019 data and ensuring the security of our products is a top priority for Intel and we will continue to work with customers, partners and researchers to understand and mitigate any vulnerabilities that are identified.\u201d\n\nCVE-2018-5407 has a score of 4.8 (a moderate severity rating) on the CVSS v3 scale, with a \u201chigh\u201d attack complexity and \u201clow\u201d level of privileges required.\n\nHowever, there are shortcomings to PortSmash; as the attack is local \u201cin the sense that the malicious process must be running on the same physical core as the victim,\u201d said Brumley.\n\nComputer scientist Colin Percival, for his part, said via Twitter that the attack is not serious enough to worry about.\n\n> I've been getting a few questions about the recent \"PortSmash\" vulnerability announcement. Short answer: This is not something you need to worry about. If your code is vulnerable to it, you were already vulnerable to other (easier) attacks.\n> \n> \u2014 Colin Percival (@cperciva) [November 2, 2018](<https://twitter.com/cperciva/status/1058424239156412416?ref_src=twsrc%5Etfw>)\n\n## Different From Spectre/Meltdown\n\nSide-channel attacks impacting Intel processors have continued to crop up over the past year. 
However, the other attacks have impacted other areas of the chips\u2019 technology, including Intel\u2019s Software Guard Extensions (SGX) technology, its OS and system management mode (SMM) and hypervisor software.\n\nFurther, previous infamous side-channel attacks including the [Spectre and Meltdown](<https://threatpost.com/vendors-share-patch-updates-on-spectre-and-meltdown-mitigation-efforts/129307/>) attacks disclosed in January, focus on glitches in the processors\u2019 memory through a process called speculative execution (used in microprocessors so that memory can be read before the addresses of all prior memory writes are known).\n\nThat\u2019s different than the side-channel technique used for PortSmash, which does not rely on tricking the memory in chips and instead targets processes in their hyperthreading technology.\n\n\u201cThis issue is not reliant on speculative execution, and is therefore unrelated to Spectre, Meltdown or [L1 Terminal Fault](<https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/>),\u201d an Intel spokesperson told Threatpost.\n", "modified": "2018-11-05T16:56:02", "published": "2018-11-05T16:56:02", "id": "THREATPOST:C8DA8A39B0B2F8129283330AD5901020", "href": "https://threatpost.com/portsmash-side-channel-attack-siphons-data-from-intel-other-cpus/138777/", "type": "threatpost", "title": "PortSmash Side Channel Attack Siphons Data From Intel, Other CPUs", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:21", "description": "\nIntel (Skylake Kaby Lake) - PortSmash CPU SMT Side-Channel", "edition": 1, "published": "2018-11-02T00:00:00", "title": "Intel (Skylake Kaby Lake) - PortSmash CPU SMT Side-Channel", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5407"], "modified": "2018-11-02T00:00:00", "id": "EXPLOITPACK:A973689D6080CBEE3C764AC41CE0B4D5", "href": "", "sourceData": "# Summary\n\nThis is a proof-of-concept 
exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407.\n\n\n\n# Setup\n\n## Prerequisites\n\nA CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.\n\nThis exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures, customizing the strategies and/or waiting times in `spy` is likely needed.\n\n## OpenSSL\n\nDownload and install OpenSSL 1.1.0h or lower:\n\n cd /usr/local/src\n wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz\n tar xzf openssl-1.1.0h.tar.gz\n cd openssl-1.1.0h/\n export OPENSSL_ROOT_DIR=/usr/local/ssl\n ./config -d shared --prefix=$OPENSSL_ROOT_DIR --openssldir=$OPENSSL_ROOT_DIR -Wl,-rpath=$OPENSSL_ROOT_DIR/lib\n make -j8\n make test\n sudo checkinstall --strip=no --stripso=no --pkgname=openssl-1.1.0h-debug --provides=openssl-1.1.0h-debug --default make install_sw\n\nIf you use a different path, you'll need to make changes to `Makefile` and `sync.sh`.\n\n# Tooling\n\n## freq.sh\n\nTurns off frequency scaling and TurboBoost.\n\n## sync.sh\n\nSync trace through pipes. It has two victims, one of which should be active at a time:\n\n1. The stock `openssl` running `dgst` command to produce a P-384 signature.\n2. A harness `ecc` that calls scalar multiplication directly with a known key. 
(Useful for profiling.)\n\nThe script will generate a P-384 key pair in `secp384r1.pem` if it does not already exist.\n\nThe script outputs `data.bin` which is what `openssl dgst` signed, and you should be able to verify the ECDSA signature `data.sig` afterwards with\n\n openssl dgst -sha512 -verify secp384r1.pem -signature data.sig data.bin\n\nIn the `ecc` tool case, `data.bin` and `secp384r1.pem` are meaningless and `data.sig` is not created.\n\nFor the `taskset` commands in `sync.sh`, the cores need to be two logical cores of the same physical core; sanity check with\n\n $ grep '^core id' /proc/cpuinfo\n core id\t\t: 0\n core id\t\t: 1\n core id\t\t: 2\n core id\t\t: 3\n core id\t\t: 0\n core id\t\t: 1\n core id\t\t: 2\n core id\t\t: 3\n\nSo the script is currently configured for logical cores 3 and 7 that both map to physical core 3 (`core_id`).\n\n## spy\n\nMeasurement process that outputs measurements in `timings.bin`. To change the `spy` strategy, check the port defines in `spy.h`. Only one strategy should be active at build time.\n\nNote that `timings.bin` is actually raw clock cycle counter values, not latencies. Look in `parse_raw_simple.py` to understand the data format if necessary.\n\n## ecc\n\nVictim harness for running OpenSSL scalar multiplication with known inputs. Example:\n\n ./ecc M 4 deadbeef0123456789abcdef00000000c0ff33\n\nWill execute 4 consecutive calls to `EC_POINT_mul` with the given hex scalar.\n\n## parse_raw_simple.py\n\nQuick and dirty hack to view 1D traces. The top plot is the raw trace. Everything below is a different digital filter of the raw trace for viewing purposes. 
Zoom and pan are your friends here.\n\nYou might have to adjust the `CEIL` variable if the plots are too aggressively clipped.\n\nPython packages:\n\n sudo apt-get install python-numpy python-matplotlib\n\n# Usage\n\nTurn off frequency scaling:\n\n ./freq.sh\n\nMake sure everything builds:\n\n make clean\n make\n\nTake a measurement:\n\n ./sync.sh\n\nView the trace:\n\n python parse_raw_simple.py timings.bin\n\nYou can play around with one victim at a time in `sync.sh`. Sample output for the `openssl dgst` victim is in `parse_raw_simple.png`.\n\n# Credits\n\n* Alejandro Cabrera Aldaya (Universidad Tecnol\u00f3gica de la Habana (CUJAE), Habana, Cuba)\n* Billy Bob Brumley (Tampere University of Technology, Tampere, Finland)\n* Sohaib ul Hassan (Tampere University of Technology, Tampere, Finland)\n* Cesar Pereida Garc\u00eda (Tampere University of Technology, Tampere, Finland)\n* Nicola Tuveri (Tampere University of Technology, Tampere, Finland)\n\n\n\n\nEDB Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45785.zip", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}]}