ID OPENVAS:1361412562310843848 Type openvas Reporter Copyright (C) 2018 Greenbone Networks GmbH Modified 2019-03-18T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_3840_1.nasl 14288 2019-03-18 16:34:17Z cfischer $
#
# Ubuntu Update for openssl USN-3840-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.843848");
script_version("$Revision: 14288 $");
script_cve_id("CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $");
script_tag(name:"creation_date", value:"2018-12-07 07:39:41 +0100 (Fri, 07 Dec 2018)");
script_name("Ubuntu Update for openssl USN-3840-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(14\.04 LTS|18\.04 LTS|18\.10|16\.04 LTS)");
script_xref(name:"USN", value:"3840-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-3840-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'openssl'
package(s) announced via the USN-3840-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An
attacker could possibly use this issue to perform a timing side-channel
attack and recover private DSA keys. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An
attacker could possibly use this issue to perform a timing side-channel
attack and recover private ECDSA keys. This issue only affected Ubuntu
18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,
and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading
(SMT) architectures are vulnerable to side-channel leakage. This issue is
known as 'PortSmash'. An attacker could possibly use this issue to perform
a timing side-channel attack and recover private keys. (CVE-2018-5407)");
script_tag(name:"affected", value:"openssl on Ubuntu 18.10,
Ubuntu 18.04 LTS,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release) exit(0);
res = "";
if(release == "UBUNTU14.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.1f-1ubuntu2.27", rls:"UBUNTU14.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU18.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2n-1ubuntu5.2", rls:"UBUNTU18.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libssl1.1", ver:"1.1.0g-2ubuntu4.3", rls:"UBUNTU18.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU18.10")
{
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2n-1ubuntu6.1", rls:"UBUNTU18.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libssl1.1", ver:"1.1.1-1ubuntu2.1", rls:"UBUNTU18.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU16.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libssl1.0.0", ver:"1.0.2g-1ubuntu4.14", rls:"UBUNTU16.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310843848", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for openssl USN-3840-1", "description": "The remote host is missing an update for the ", "published": "2018-12-07T00:00:00", "modified": "2019-03-18T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843848", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-3840-1/", "3840-1"], "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "lastseen": "2019-05-29T18:33:22", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K49711130", "F5:K43741620"]}, {"type": "cve", "idList": ["CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0734"]}, {"type": "ubuntu", "idList": ["USN-3840-1"]}, {"type": "nessus", "idList": ["OPENSSL_1_1_0J.NASL", "SUSE_SU-2018-3945-1.NASL", "UBUNTU_USN-3840-1.NASL", "OPENSUSE-2019-956.NASL", "SUSE_SU-2018-3863-1.NASL", "FREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL", "ORACLE_TUXEDO_CPU_APR_2019.NASL", "DEBIAN_DLA-1586.NASL", "PHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL", "OPENSUSE-2018-1465.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310112409", "OPENVAS:1361412562310108484", "OPENVAS:1361412562310704348", "OPENVAS:1361412562310112410", "OPENVAS:1361412562310891586", "OPENVAS:1361412562310852142", "OPENVAS:1361412562310112411", "OPENVAS:1361412562310112408", "OPENVAS:1361412562310108483", "OPENVAS:1361412562310852145"]}, {"type": "symantec", "idList": ["SMNTC-1490", "SMNTC-105758"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2304", "ELSA-2019-4754", "ELSA-2019-3700"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1586-1:00096", "DEBIAN:DSA-4348-1:05673", "DEBIAN:DSA-4355-1:1415E"]}, {"type": "centos", "idList": ["CESA-2019:0483"]}, {"type": "redhat", "idList": ["RHSA-2019:3700", "RHSA-2019:0483", "RHSA-2019:0651"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3890-1", "OPENSUSE-SU-2018:3903-1", "OPENSUSE-SU-2018:4104-1", "OPENSUSE-SU-2018:4050-1"]}, {"type": "archlinux", "idList": ["ASA-201812-8", "ASA-201812-6", "ASA-201812-7", "ASA-201812-5"]}, {"type": "freebsd", "idList": ["6F170CF2-E6B7-11E8-A9A8-B499BAEBFEAF", "238AE7DE-DBA2-11E8-B713-B499BAEBFEAF", "2A86F45A-FC3C-11E8-A414-00155D006B02"]}, {"type": "slackware", "idList": ["SSA-2018-325-01"]}, {"type": "aix", "idList": ["OPENSSL_ADVISORY29.ASC"]}, {"type": "fedora", "idList": ["FEDORA:67D5B602F037"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2018-0735"]}, {"type": "threatpost", "idList": ["THREATPOST:C8DA8A39B0B2F8129283330AD5901020"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:A973689D6080CBEE3C764AC41CE0B4D5"]}, {"type": "hp", "idList": ["HP:C06179472"]}], "modified": "2019-05-29T18:33:22", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2019-05-29T18:33:22", "rev": 2}, "vulnersScore": 7.1}, "pluginID": "1361412562310843848", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3840_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for openssl USN-3840-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843848\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-07 07:39:41 +0100 (Fri, 07 Dec 2018)\");\n script_name(\"Ubuntu Update for openssl USN-3840-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3840-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3840-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the USN-3840-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An\nattacker could possibly use this issue to perform a timing side-channel\nattack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An\nattacker could possibly use this issue to perform a timing side-channel\nattack and recover private ECDSA keys. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as 'PortSmash'. An attacker could possibly use this issue to perform\na timing side-channel attack and recover private keys. (CVE-2018-5407)\");\n\n script_tag(name:\"affected\", value:\"openssl on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1f-1ubuntu2.27\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2n-1ubuntu5.2\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.0g-2ubuntu4.3\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2n-1ubuntu6.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.1-1ubuntu2.1\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.2g-1ubuntu4.14\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"f5": [{"lastseen": "2020-04-06T22:39:46", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "\nF5 Product Development has assigned CPF-25030 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 14.x2 | None | Not applicable | Not vulnerable | None | None \n13.x | None | Not applicable \n12.x | None | Not applicable \n11.x | None | Not applicable \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.1](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>) | OpenSSL \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\n2 BIG-IP 14.1.0 contains the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker would need to be logged in to the affected system with a local administrator account to exploit it.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-12-15T03:22:00", "published": "2018-12-15T03:22:00", "id": "F5:K43741620", "href": "https://support.f5.com/csp/article/K43741620", "title": "OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T22:40:06", "bulletinFamily": "software", "cvelist": ["CVE-2018-5407"], "description": "\nF5 Product Development has assigned IDs 751143 and 751152 (BIG-IP), ID 751143-7 (BIG-IQ Centralized Management), ID 751143-8 (F5 iWorkflow), ID 751143-9 (Enterprise Manager), and CPF-25013 and CPF-25014 (Traffix) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | None | 15.0.0 | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm (LTM SSL profiles, iApps LX, iRules LX, big3d, Configuration utility), CPU \n14.x | 14.0.0 - 14.1.2 | 14.1.2.1 \n13.x | 13.0.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.2.1 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.0.1 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [4.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>) | OpenSSL EC algorithm, CPU \n4.x | 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nVulnerable platforms\n\nBIG-IP\n\n * Virtual Edition\n\nThe following platforms when vCMP guests are deployed:\n\n * VIPRION B2100\n * VIPRION B2150\n * VIPRION B2250\n * VIPRION B4200\n * VIPRION B4300 blade in the 4400(J100) 4-slot chassis\n * VIPRION B4300 blade in the 4480(J102) 4-slot chassis\n * VIPRION B4300 blade in the 4800(S100) 8-slot chassis\n * VIPRION B4450 blade in the 4480(J102) 4-slot chassis\n * VIPRION B4450 blade in the 4800(S100) 8-slot chassis\n * BIG-IP 5200v\n * BIG-IP 5250v\n * BIG-IP 7200v\n * BIG-IP 7250v\n * BIG-IP 7255v\n * BIG-IP 10200v\n * BIG-IP 10250v\n * BIG-IP 10350v\n * BIG-IP 12250v\n * BIG-IP i5800\n * BIG-IP i5820-DF (FIPS)\n * BIG-IP i7800\n * BIG-IP i7820-DF (FIPS)\n * BIG-IP i10800\n * BIG-IP i11400-DS, i11600-DS, i11800-DS\n * BIG-IP i11800\n * BIG-IP i15800\n\nBIG-IQ, F5 iWorkflow, Enterprise Manager, and Traffix\n\n * Virtual Edition/Virtual Platform\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate the vulnerability in multi-tenancy BIG-IP Virtual Clustered Multiprocessing (vCMP) configurations, ensure that all guests are set to at least two **Cores Per Guest**. Similarly, VE systems can be protected if the hypervisor ensures that potentially hostile co-guests cannot be scheduled on the same physical CPU.\n\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2019-09-24T18:21:00", "published": "2018-11-30T03:19:00", "id": "F5:K49711130", "href": "https://support.f5.com/csp/article/K49711130", "title": "OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) CVE-2018-5407", "type": "f5", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2021-02-02T06:52:22", "description": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).", "edition": 18, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-29T13:29:00", "title": "CVE-2018-0735", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0735"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4", "cpe:/a:netapp:snapdrive:-", "cpe:/a:netapp:smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:application_server:1.0.1", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2", "cpe:/o:netapp:cn1610_firmware:-", "cpe:/a:oracle:mysql:5.7.24", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2", "cpe:/a:openssl:openssl:1.1.1", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:nodejs:node.js:10.14.1", "cpe:/a:netapp:steelstore:-", "cpe:/a:nodejs:node.js:11.4.0", "cpe:/a:oracle:mysql:8.0.13", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1", "cpe:/a:oracle:secure_global_desktop:5.4", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:netapp:element_software:-", "cpe:/a:openssl:openssl:1.1.0i", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12", "cpe:/a:oracle:mysql:5.6.42", "cpe:/a:oracle:application_server:0.9.8", "cpe:/a:oracle:application_server:1.0.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1", "cpe:/a:netapp:santricity_smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-0735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0735", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe:2.3:a:nodejs:node.js:10.14.1:*:*:*:lts:*:*:*", "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.42:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.24:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:39", "description": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.", "edition": 23, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-11-15T21:29:00", "title": "CVE-2018-5407", "type": "cve", "cwe": ["CWE-203"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5407"], "modified": "2020-09-18T16:58:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:application_server:1.0.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/o:redhat:enterprise_linux_server:7.6", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12", "cpe:/a:oracle:application_server:0.9.8", "cpe:/a:oracle:application_server:1.0.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8", "cpe:/a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-5407", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5407", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2021-02-02T06:52:22", "description": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).", "edition": 19, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-30T12:29:00", "title": "CVE-2018-0734", "type": "cve", "cwe": ["CWE-327"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0734"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:oracle:primavera_p6_professional_project_management:17.12", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.1", "cpe:/a:netapp:oncommand_unified_manager:*", "cpe:/a:oracle:primavera_p6_professional_project_management:16.1", "cpe:/a:oracle:enterprise_manager_base_platform:12.1.0.5.0", "cpe:/a:oracle:primavera_p6_professional_project_management:18.8", "cpe:/a:oracle:enterprise_manager_ops_center:12.3.3", "cpe:/a:openssl:openssl:1.0.2p", "cpe:/a:oracle:e-business_suite_technology_stack:0.9.8", "cpe:/o:netapp:cn1610_firmware:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.2", "cpe:/a:oracle:mysql_enterprise_backup:4.1.2", "cpe:/a:oracle:api_gateway:11.1.2.4.0", "cpe:/a:netapp:cloud_backup:-", "cpe:/a:openssl:openssl:1.1.1", "cpe:/a:nodejs:node.js:8.14.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:nodejs:node.js:6.15.1", "cpe:/a:nodejs:node.js:10.14.1", "cpe:/a:netapp:steelstore:-", "cpe:/a:nodejs:node.js:11.4.0", "cpe:/a:oracle:primavera_p6_professional_project_management:16.2", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:enterprise_manager_base_platform:13.3.0.0.0", "cpe:/a:oracle:tuxedo:12.1.1.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55", "cpe:/a:oracle:enterprise_manager_base_platform:13.2.0.0.0", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:netapp:storage_automation_store:-", "cpe:/a:oracle:primavera_p6_professional_project_management:15.1", "cpe:/a:openssl:openssl:1.1.0i", "cpe:/a:oracle:mysql_enterprise_backup:3.12.3", "cpe:/a:oracle:primavera_p6_professional_project_management:8.4", "cpe:/a:oracle:e-business_suite_technology_stack:1.0.0", "cpe:/a:netapp:santricity_smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-0734", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0734", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:3.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:8.14.0:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:17.12:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:6.15.1:*:*:*:lts:*:*:*", "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:nodejs:node.js:10.14.1:*:*:*:lts:*:*:*", "cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.0i:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_backup:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An \nattacker could possibly use this issue to perform a timing side-channel \nattack and recover private ECDSA keys. This issue only affected Ubuntu \n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, \nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading \n(SMT) architectures are vulnerable to side-channel leakage. This issue is \nknown as \"PortSmash\". An attacker could possibly use this issue to perform \na timing side-channel attack and recover private keys. (CVE-2018-5407)", "edition": 4, "modified": "2018-12-06T00:00:00", "published": "2018-12-06T00:00:00", "id": "USN-3840-1", "href": "https://ubuntu.com/security/notices/USN-3840-1", "title": "OpenSSL vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-02-01T07:28:11", "description": "Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing.\nAn attacker could possibly use this issue to perform a timing\nside-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA\nsigning. An attacker could possibly use this issue to perform a timing\nside-channel attack and recover private ECDSA keys. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola\nTuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous\nMultithreading (SMT) architectures are vulnerable to side-channel\nleakage. This issue is known as 'PortSmash'. An attacker could\npossibly use this issue to perform a timing side-channel attack and\nrecover private keys. (CVE-2018-5407).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-12-07T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libssl1.1", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3840-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3840-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119497);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/18 12:31:49\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n script_xref(name:\"USN\", value:\"3840-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing.\nAn attacker could possibly use this issue to perform a timing\nside-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA\nsigning. An attacker could possibly use this issue to perform a timing\nside-channel attack and recover private ECDSA keys. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola\nTuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous\nMultithreading (SMT) architectures are vulnerable to side-channel\nleakage. This issue is known as 'PortSmash'. An attacker could\npossibly use this issue to perform a timing side-channel attack and\nrecover private keys. (CVE-2018-5407).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3840-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libssl1.0.0 and / or libssl1.1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libssl1.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.1f-1ubuntu2.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2g-1ubuntu4.14\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2n-1ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libssl1.1\", pkgver:\"1.1.0g-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libssl1.0.0\", pkgver:\"1.0.2n-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libssl1.1\", pkgver:\"1.1.1-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libssl1.0.0 / libssl1.1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-01T01:08:41", "description": "An update of the openssl package has been released.", "edition": 18, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Openssl PHSA-2018-1.0-0199", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0199_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/121899", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0199. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121899);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-5407\");\n\n script_name(english:\"Photon OS 1.0: Openssl PHSA-2018-1.0-0199\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-199.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0735\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-debuginfo-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-devel-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"openssl-perl-1.0.2q-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-05T09:26:28", "description": "The version of Oracle Tuxedo installed on the remote host is missing\na security patch. It is, therefore, affected by multiple\nvulnerabilities:\n \n - An information disclosure vulnerability exists in OpenSSL \n due to the potential for a side-channel timing attack. \n An unauthenticated attacker can exploit this to disclose \n potentially sensitive information. \n (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)\n", "edition": 15, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-04-19T00:00:00", "title": "Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "modified": "2019-04-19T00:00:00", "cpe": ["cpe:/a:oracle:tuxedo", "cpe:/a:oracle:fusion_middleware"], "id": "ORACLE_TUXEDO_CPU_APR_2019.NASL", "href": "https://www.tenable.com/plugins/nessus/124171", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124171);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/04\");\n\n script_cve_id(\n \"CVE-2018-0734\",\n \"CVE-2018-0735\",\n \"CVE-2018-5407\"\n );\n script_bugtraq_id(\n 105750,\n 105758,\n 105897\n );\n script_xref(name:\"IAVA\", value:\"2019-A-0128\");\n \n script_name(english:\"Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)\");\n script_summary(english:\"Checks for the patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application server installed on the remote host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle Tuxedo installed on the remote host is missing\na security patch. It is, therefore, affected by multiple\nvulnerabilities:\n \n - An information disclosure vulnerability exists in OpenSSL \n due to the potential for a side-channel timing attack. \n An unauthenticated attacker can exploit this to disclose \n potentially sensitive information. \n (CVE-2018-0734, CVE-2018-0735, CVE-2018-5407)\n\");\n # https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9166970d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2019 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:tuxedo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_tuxedo_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Tuxedo\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('oracle_rdbms_cpu_func.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\n\napp_name = 'Oracle Tuxedo';\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\nrp = install['RP'];\npath = install['path'];\nrp_fix = 99;\n\nif (version !~ \"^12\\.1\\.1\\.0($|\\.|_)\") \n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + ' RP ' + rp, path);\n\nif (rp == UNKNOWN_VER || rp < rp_fix)\n{\n items = make_array('Path', path,\n 'Version', version,\n 'RP', rp,\n 'Required RP', rp_fix\n );\n order = make_list('Path', 'Version', 'RP', 'Required RP');\n report = report_items_str(report_items:items, ordered_fields:order);\n security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version + ' RP ' + rp, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:40:06", "description": "CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the\nOpenSSL ECDSA signature generation, which might leak information to\nrecover the private key.\n\nCVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul\nHassan, Cesar Pereida Garcia and Nicola Tuveri reported a\nvulnerability to a timing side channel attack, which might be used to\nrecover the private key.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 22, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-23T00:00:00", "title": "Debian DLA-1586-1 : openssl security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "modified": "2018-11-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libcrypto1.0.0-udeb", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libssl1.0.0", "p-cpe:/a:debian:debian_linux:libssl-dev", "p-cpe:/a:debian:debian_linux:libssl-doc", "p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg", "p-cpe:/a:debian:debian_linux:openssl"], "id": "DEBIAN_DLA-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/119103", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1586-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119103);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-0735\", \"CVE-2018-5407\");\n\n script_name(english:\"Debian DLA-1586-1 : openssl security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2018-0735 Samuel Weiser reported a timing vulnerability in the\nOpenSSL ECDSA signature generation, which might leak information to\nrecover the private key.\n\nCVE-2018-5407 Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul\nHassan, Cesar Pereida Garcia and Nicola Tuveri reported a\nvulnerability to a timing side channel attack, which might be used to\nrecover the private key.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/openssl\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcrypto1.0.0-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libssl1.0.0-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libcrypto1.0.0-udeb\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-dev\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl-doc\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libssl1.0.0-dbg\", reference:\"1.0.1t-1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"openssl\", reference:\"1.0.1t-1+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-18T03:03:38", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-0735: Fixed timing vulnerability in ECDSA signature\ngeneration (bsc#1113651).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2019-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource", "p-cpe:/a:novell:suse_linux:libopenssl1_1", "p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel", "p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo", "p-cpe:/a:novell:suse_linux:openssl", "p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac"], "id": "SUSE_SU-2018-3863-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3863-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120166);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/16\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n(bsc#1113652).\n\nCVE-2018-0735: Fixed timing vulnerability in ECDSA signature\ngeneration (bsc#1113651).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0734/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-0735/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183863-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22b4b45d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2018-2758=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2758=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl-1_1-devel-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libopenssl1_1-hmac-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debuginfo-1.1.0i-4.15.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"openssl-1_1-debugsource-1.1.0i-4.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl-1_1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-01T02:46:31", "description": "The OpenSSL project reports :\n\nTiming vulnerability in ECDSA signature generation (CVE-2018-0735):\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack. An attacker could use variations in\nthe signing algorithm to recover the private key (Low).\n\nTiming vulnerability in DSA signature generation (CVE-2018-0734) :\nAvoid a timing attack that leaks information via a side channel that\ntriggers when a BN is resized. Increasing the size of the BNs prior to\ndoing anything with them suppresses the attack (Low).", "edition": 25, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-10-30T00:00:00", "title": "FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:libressl-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:openssl111", "p-cpe:/a:freebsd:freebsd:libressl", "p-cpe:/a:freebsd:freebsd:openssl-devel"], "id": "FREEBSD_PKG_238AE7DEDBA211E8B713B499BAEBFEAF.NASL", "href": "https://www.tenable.com/plugins/nessus/118496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118496);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/30 9:29:41\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OpenSSL project reports :\n\nTiming vulnerability in ECDSA signature generation (CVE-2018-0735):\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack. An attacker could use variations in\nthe signing algorithm to recover the private key (Low).\n\nTiming vulnerability in DSA signature generation (CVE-2018-0734) :\nAvoid a timing attack that leaks information via a side channel that\ntriggers when a BN is resized. Increasing the size of the BNs prior to\ndoing anything with them suppresses the attack (Low).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20181029.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/openssl/openssl/commit/8abfe72e\"\n );\n # https://vuxml.freebsd.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca1e56e7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libressl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssl111\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssl-devel<1.1.0i_1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssl111<1.1.1_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl>=2.8.0<2.8.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libressl-devel>=2.8.0<2.8.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-01T04:55:58", "description": "According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.0j. It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.", "edition": 21, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-25T00:00:00", "title": "OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_0J.NASL", "href": "https://www.tenable.com/plugins/nessus/121384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121384);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_bugtraq_id(105750, 105758);\n\n script_name(english:\"OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.0j. It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor patch or upgrade to OpenSSL version 1.1.0j or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.1.0j', min:\"1.1.0\", severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T20:25:18", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-11-26T00:00:00", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2018-1465)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2018-11-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit"], "id": "OPENSUSE-2018-1465.NASL", "href": "https://www.tenable.com/plugins/nessus/119140", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1465.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119140);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2018-1465)\");\n script_summary(english:\"Check for the openSUSE-2018-1465 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-1_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl-1_1-devel-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-hmac-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debugsource-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-debuginfo / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:54:37", "description": "This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 15, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-03-27T00:00:00", "title": "openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2019-03-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl-1_1-debugsource", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel", "p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:libopenssl1_1-hmac", "p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit", "p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo", "p-cpe:/a:novell:opensuse:openssl-1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1", "p-cpe:/a:novell:opensuse:libopenssl1_1-32bit"], "id": "OPENSUSE-2019-956.NASL", "href": "https://www.tenable.com/plugins/nessus/123386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-956.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123386);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n\n script_name(english:\"openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)\");\n script_summary(english:\"Check for the openSUSE-2019-956 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for openssl-1_1 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-0734: timing vulnerability in DSA signature\n generation (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature\n generation (bsc#1113651).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113652\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-1_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-1_1-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl1_1-hmac-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-1_1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl-1_1-devel-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"libopenssl1_1-hmac-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"openssl-1_1-debugsource-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl-1_1-devel-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-32bit-debuginfo-1.1.0i-lp150.3.15.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"libopenssl1_1-hmac-32bit-1.1.0i-lp150.3.15.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-01T04:55:59", "description": "According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.1a. It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.", "edition": 21, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-01-25T00:00:00", "title": "OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_1_1A.NASL", "href": "https://www.tenable.com/plugins/nessus/121385", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121385);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/31 15:18:51\");\n\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_bugtraq_id(105750, 105758);\n\n script_name(english:\"OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities\");\n script_summary(english:\"Performs a banner check.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A service running on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of OpenSSL running on the remote\nhost is 1.1.0 prior to 1.1.1a. It is, therefore, affected by a denial\nof service vulnerability, a cache timing side channel vulnerability,\nand a microarchitecture timing side channel attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the vendor patch or upgrade to OpenSSL version 1.1.1a or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0734\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"openssl_version.nasl\");\n script_require_keys(\"openssl/port\");\n\n exit(0);\n}\n\ninclude(\"openssl_version.inc\");\n\nopenssl_check_version(fixed:'1.1.1a', min:\"1.1.1\", severity:SECURITY_WARNING);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735"], "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nSamuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as \u201cPortSmash\u201d. An attacker could possibly use this issue to perform a timing side-channel attack and recover private keys. (CVE-2018-5407)\n\nCVEs contained in this USN include: CVE-2018-0734, CVE-2018-0735, CVE-2018-5407\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.65\n * 3541.x versions prior to 3541.69\n * 3468.x versions prior to 3468.90\n * 3445.x versions prior to 3445.87\n * 3421.x versions prior to 3421.104\n * All other stemcells not listed.\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.14\n * 97.x versions prior to 97.41\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.254.0\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.46.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.65\n * Upgrade 3541.x versions to 3541.69\n * Upgrade 3468.x versions to 3468.90\n * Upgrade 3445.x versions to 3445.87\n * Upgrade 3421.x versions to 3421.104\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.14\n * Upgrade 97.x versions to 97.41\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.254.0 or later.\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.46.0 or later.\n\n# References\n\n * [USN-3840-1](<https://usn.ubuntu.com/3840-1>)\n * [CVE-2018-0734](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0734>)\n * [CVE-2018-0735](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-0735>)\n * [CVE-2018-5407](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5407>)\n", "edition": 3, "modified": "2018-12-27T00:00:00", "published": "2018-12-27T00:00:00", "id": "CFOUNDRY:DCF842DDD89D1624E7B2FFAA64957639", "href": "https://www.cloudfoundry.org/blog/usn-3840-1/", "title": "USN-3840-1: OpenSSL vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0735"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112408", "type": "openvas", "title": "OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181029_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112408\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0735\");\n script_bugtraq_id(105750);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:02:33 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"impact\", value:\"A remote user that can conduct a man-in-the-middle attack can exploit a\n timing vulnerability in its ECDSA signature algorithm to cause the target system to disclose private keys.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i and 1.1.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_xref(name:\"URL\", value:\"https://www.securitytracker.com/id/1041986\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0735"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112409", "type": "openvas", "title": "OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181029_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112409\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0735\");\n script_bugtraq_id(105750);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:02:33 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2018-0735) (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"impact\", value:\"A remote user that can conduct a man-in-the-middle attack can exploit a\n timing vulnerability in its ECDSA signature algorithm to cause the target system to disclose private keys.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i and 1.1.1.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181029.txt\");\n script_xref(name:\"URL\", value:\"https://www.securitytracker.com/id/1041986\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108483", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108483", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108483\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n script_xref(name:\"URL\", value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310108484", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108484", "type": "openvas", "title": "OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181112_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108484\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-5407\");\n script_bugtraq_id(105897);\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 07:48:19 +0100 (Thu, 22 Nov 2018)\");\n script_name(\"OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181112.txt\");\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/vulnerabilities.html\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e\");\n script_xref(name:\"URL\", value:\"https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/105897\");\n script_xref(name:\"URL\", value:\"https://eprint.iacr.org/2018/1060.pdf\");\n script_xref(name:\"URL\", value:\"https://github.com/bbbrumley/portsmash\");\n script_xref(name:\"URL\", value:\"https://www.exploit-db.com/exploits/45785/\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH,\n has been shown to be vulnerable to a microarchitecture timing side channel attack.\");\n\n script_tag(name:\"impact\", value:\"An attacker with sufficient access to mount local timing attacks\n during ECDSA signature generation could recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0h\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.0i\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nif( version_in_range( version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.0.2q\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112410", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_win.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112410\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:32:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734"], "description": "This host is running OpenSSL and is prone\n to an information disclosure vulnerability.", "modified": "2019-02-27T00:00:00", "published": "2018-11-01T00:00:00", "id": "OPENVAS:1361412562310112411", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112411", "type": "openvas", "title": "OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_openssl_secadv_20181030_lin.nasl 13898 2019-02-27 08:37:43Z cfischer $\n#\n# OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112411\");\n script_version(\"$Revision: 13898 $\");\n script_cve_id(\"CVE-2018-0734\");\n script_bugtraq_id(105758);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-27 09:37:43 +0100 (Wed, 27 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-11-01 10:16:23 +0100 (Thu, 01 Nov 2018)\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_name(\"OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is running OpenSSL and is prone\n to an information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a\n timing side channel attack. An attacker could use variations in the signing\n algorithm to recover the private key.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.\");\n\n script_tag(name:\"solution\", value:\"Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.\n See the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20181030.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:openssl:openssl\";\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE))) exit(0);\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE)) exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:vers, test_version:\"1.1.0\", test_version2:\"1.1.0i\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.0j-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_is_equal(version:vers, test_version:\"1.1.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.1.1a-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nif(version_in_range(version:vers, test_version:\"1.0.2\", test_version2:\"1.0.2p\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"1.0.2q-dev\", install_path:path);\n security_message(data:report, port:port);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T20:07:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "CVE-2018-0735\nSamuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\nsignature generation, which might leak information to recover the\nprivate key.\n\nCVE-2018-5407\nAlejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\nPereida Garcia and Nicola Tuveri reported a vulnerability to a\ntiming side channel attack, which might be used to recover the\nprivate key.", "modified": "2020-01-29T00:00:00", "published": "2018-11-22T00:00:00", "id": "OPENVAS:1361412562310891586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891586", "type": "openvas", "title": "Debian LTS: Security Advisory for openssl (DLA-1586-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891586\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-0735\", \"CVE-2018-5407\");\n script_name(\"Debian LTS: Security Advisory for openssl (DLA-1586-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-22 00:00:00 +0100 (Thu, 22 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2018-0735\nSamuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\nsignature generation, which might leak information to recover the\nprivate key.\n\nCVE-2018-5407\nAlejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\nPereida Garcia and Nicola Tuveri reported a vulnerability to a\ntiming side channel attack, which might be used to recover the\nprivate key.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.0.0-dbg\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.0.1t-1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T17:37:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-11-26T00:00:00", "id": "OPENVAS:1361412562310852145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852145", "type": "openvas", "title": "openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:3890-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852145\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-0735\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-26 15:08:57 +0100 (Mon, 26 Nov 2018)\");\n script_name(\"openSUSE: Security Advisory for openssl-1_1 (openSUSE-SU-2018:3890-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3890-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-11/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl-1_1'\n package(s) announced via the openSUSE-SU-2018:3890-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: timing vulnerability in DSA signature generation\n (bsc#1113652).\n\n - CVE-2018-0735: timing vulnerability in ECDSA signature generation\n (bsc#1113651).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1465=1\");\n\n script_tag(name:\"affected\", value:\"openssl-1_1 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel\", rpm:\"libopenssl-1_1-devel~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1\", rpm:\"libopenssl1_1~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-debuginfo\", rpm:\"libopenssl1_1-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac\", rpm:\"libopenssl1_1-hmac~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1\", rpm:\"openssl-1_1~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debuginfo\", rpm:\"openssl-1_1-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-debugsource\", rpm:\"openssl-1_1-debugsource~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_1-doc\", rpm:\"openssl-1_1-doc~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_1-devel-32bit\", rpm:\"libopenssl-1_1-devel-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit\", rpm:\"libopenssl1_1-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-32bit-debuginfo\", rpm:\"libopenssl1_1-32bit-debuginfo~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_1-hmac-32bit\", rpm:\"libopenssl1_1-hmac-32bit~1.1.0i~lp150.3.15.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-07-04T18:56:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "description": "Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.", "modified": "2019-07-04T00:00:00", "published": "2018-11-30T00:00:00", "id": "OPENVAS:1361412562310704348", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704348", "type": "openvas", "title": "Debian Security Advisory DSA 4348-1 (openssl - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4348-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704348\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-0732\", \"CVE-2018-0734\", \"CVE-2018-0735\", \"CVE-2018-0737\", \"CVE-2018-5407\");\n script_name(\"Debian Security Advisory DSA 4348-1 (openssl - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-11-30 00:00:00 +0100 (Fri, 30 Nov 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4348.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"openssl on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/openssl\");\n script_tag(name:\"summary\", value:\"Several local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.1.0j-1~deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:34:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-12-10T00:00:00", "id": "OPENVAS:1361412562310852155", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852155", "type": "openvas", "title": "openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2018:4050-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852155\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-0734\", \"CVE-2018-5407\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-12-10 07:36:20 +0100 (Mon, 10 Dec 2018)\");\n script_name(\"openSUSE: Security Advisory for openssl-1_0_0 (openSUSE-SU-2018:4050-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:4050-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00018.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl-1_0_0'\n package(s) announced via the openSUSE-SU-2018:4050-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for openssl-1_0_0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n\n - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack\n defenses that fixes 'PortSmash' (bsc#1113534).\n\n Non-security issues fixed:\n\n - Added missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n\n - Set TLS version to 0 in msg_callback for record messages to avoid\n confusing applications (bsc#1100078).\n\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-1518=1\");\n\n script_tag(name:\"affected\", value:\"openssl-1_0_0 on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_0_0-devel\", rpm:\"libopenssl-1_0_0-devel~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0\", rpm:\"libopenssl1_0_0~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-debuginfo\", rpm:\"libopenssl1_0_0-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac\", rpm:\"libopenssl1_0_0-hmac~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-steam\", rpm:\"libopenssl1_0_0-steam~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-steam-debuginfo\", rpm:\"libopenssl1_0_0-steam-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0\", rpm:\"openssl-1_0_0~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0-cavs\", rpm:\"openssl-1_0_0-cavs~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0-cavs-debuginfo\", rpm:\"openssl-1_0_0-cavs-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0-debuginfo\", rpm:\"openssl-1_0_0-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0-debugsource\", rpm:\"openssl-1_0_0-debugsource~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-1_0_0-doc\", rpm:\"openssl-1_0_0-doc~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl-1_0_0-devel-32bit\", rpm:\"libopenssl-1_0_0-devel-32bit~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit\", rpm:\"libopenssl1_0_0-32bit~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-32bit-debuginfo\", rpm:\"libopenssl1_0_0-32bit-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-hmac-32bit\", rpm:\"libopenssl1_0_0-hmac-32bit~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-steam-32bit\", rpm:\"libopenssl1_0_0-steam-32bit~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libopenssl1_0_0-steam-32bit-debuginfo\", rpm:\"libopenssl1_0_0-steam-32bit-debuginfo~1.0.2p~lp150.2.9.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "symantec": [{"lastseen": "2020-01-06T12:24:53", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734"], "description": "### Description\n\nOpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.\n\n### Technologies Affected\n\n * Bluecoat BCAAA 6.1 \n * IBM AIX 5.3 \n * IBM AIX 6.1 \n * IBM AIX 7.1 \n * IBM Aix 7.2 \n * IBM DataPower Gateway 2018.4.1.0 \n * IBM DataPower Gateway 2018.4.1.2 \n * IBM DataPower Gateway 2018.4.1.5 \n * IBM DataPower Gateway 2018.4.1.6 \n * IBM DataPower Gateway 2018.4.1.8 \n * IBM DataPower Gateway 7.6.0.0 \n * IBM DataPower Gateway 7.6.0.10 \n * IBM DataPower Gateway 7.6.0.11 \n * IBM DataPower Gateway 7.6.0.12 \n * IBM DataPower Gateway 7.6.0.14 \n * IBM DataPower Gateway 7.6.0.15 \n * IBM DataPower Gateway 7.6.0.17 \n * IBM DataPower Gateway 7.6.0.3 \n * IBM DataPower Gateway 7.6.0.8 \n * IBM DataPower Gateway 7.6.0.9 \n * IBM DataPower Gateways 7.6.0.0 \n * IBM DataPower Gateways 7.6.0.1 \n * IBM DataPower Gateways 7.6.0.5 \n * IBM DataPower Gateways 7.6.0.6 \n * IBM DataPower Gateways 7.6.0.8 \n * IBM Vios 2.2.0 \n * IBM Vios 2.2.0.10 \n * IBM Vios 2.2.0.11 \n * IBM Vios 2.2.0.12 \n * IBM Vios 2.2.0.13 \n * IBM Vios 2.2.1.0 \n * IBM Vios 2.2.1.1 \n * IBM Vios 2.2.1.3 \n * IBM Vios 2.2.1.4 \n * IBM Vios 2.2.1.8 \n * IBM Vios 2.2.1.9 \n * IBM Vios 2.2.2.0 \n * IBM Vios 2.2.2.4 \n * IBM Vios 2.2.2.5 \n * IBM Vios 2.2.2.6 \n * IBM Vios 2.2.3 \n * IBM Vios 2.2.3.0 \n * IBM Vios 2.2.3.2 \n * IBM Vios 2.2.3.3 \n * IBM Vios 2.2.3.4 \n * IBM Vios 2.2.3.50 \n * IBM Vios 2.2.4.0 \n * OpenSSL Project OpenSSL 1.0.2 \n * OpenSSL Project OpenSSL 1.0.2 Beta1 \n * OpenSSL Project OpenSSL 1.0.2-1.0.2o \n * OpenSSL Project OpenSSL 1.0.2a \n * OpenSSL Project OpenSSL 1.0.2b \n * OpenSSL Project OpenSSL 1.0.2c \n * OpenSSL Project OpenSSL 1.0.2d \n * OpenSSL Project OpenSSL 1.0.2e \n * OpenSSL Project OpenSSL 1.0.2f \n * OpenSSL Project OpenSSL 1.0.2g \n * OpenSSL Project OpenSSL 1.0.2h \n * OpenSSL Project OpenSSL 1.0.2i \n * OpenSSL Project OpenSSL 1.0.2j \n * OpenSSL Project OpenSSL 1.0.2k \n * OpenSSL Project OpenSSL 1.0.2l \n * OpenSSL Project OpenSSL 1.0.2l-git \n * OpenSSL Project OpenSSL 1.0.2m \n * OpenSSL Project OpenSSL 1.0.2n \n * OpenSSL Project OpenSSL 1.0.2o \n * OpenSSL Project OpenSSL 1.0.2p \n * OpenSSL Project OpenSSL 1.0.2p-dev \n * OpenSSL Project OpenSSL 1.1.0 \n * OpenSSL Project OpenSSL 1.1.0a \n * OpenSSL Project OpenSSL 1.1.0b \n * OpenSSL Project OpenSSL 1.1.0c \n * OpenSSL Project OpenSSL 1.1.0d \n * OpenSSL Project OpenSSL 1.1.0e \n * OpenSSL Project OpenSSL 1.1.0f \n * OpenSSL Project OpenSSL 1.1.0g \n * OpenSSL Project OpenSSL 1.1.0h \n * OpenSSL Project OpenSSL 1.1.0i \n * OpenSSL Project OpenSSL 1.1.1 \n * Oracle API Gateway 11.1.2.4.0 \n * Oracle E-Business Suite 0.9.8 \n * Oracle E-Business Suite 1.0.0 \n * Oracle E-Business Suite 1.0.1 \n * Oracle Endeca Server 7.7.0 \n * Oracle Enterprise Manager Base Platform 12.1.0.5.0 \n * Oracle Enterprise Manager Base Platform 13.2.0.0.0 \n * Oracle Enterprise Manager Base Platform 13.3.0.0.0 \n * Oracle Enterprise Manager Ops Center 12.3.3 \n * Oracle MySQL Enterprise Backup 3.10.0 \n * Oracle MySQL Enterprise Backup 3.10.1 \n * Oracle MySQL Enterprise Backup 3.12.2 \n * Oracle MySQL Enterprise Backup 3.12.3 \n * Oracle MySQL Enterprise Backup 4.0.1 \n * Oracle MySQL Enterprise Backup 4.0.3 \n * Oracle MySQL Enterprise Backup 4.1.2 \n * Oracle MySQL Server 5.6.15 \n * Oracle MySQL Server 5.6.16 \n * Oracle MySQL Server 5.6.20 \n * Oracle MySQL Server 5.6.21 \n * Oracle MySQL Server 5.6.22 \n * Oracle MySQL Server 5.6.23 \n * Oracle MySQL Server 5.6.24 \n * Oracle MySQL Server 5.6.25 \n * Oracle MySQL Server 5.6.26 \n * Oracle MySQL Server 5.6.27 \n * Oracle MySQL Server 5.6.28 \n * Oracle MySQL Server 5.6.29 \n * Oracle MySQL Server 5.6.30 \n * Oracle MySQL Server 5.6.33 \n * Oracle MySQL Server 5.6.34 \n * Oracle MySQL Server 5.6.35 \n * Oracle MySQL Server 5.6.36 \n * Oracle MySQL Server 5.6.37 \n * Oracle MySQL Server 5.6.38 \n * Oracle MySQL Server 5.6.39 \n * Oracle MySQL Server 5.6.40 \n * Oracle MySQL Server 5.6.41 \n * Oracle MySQL Server 5.6.42 \n * Oracle MySQL Server 5.7.0 \n * Oracle MySQL Server 5.7.12 \n * Oracle MySQL Server 5.7.15 \n * Oracle MySQL Server 5.7.16 \n * Oracle MySQL Server 5.7.17 \n * Oracle MySQL Server 5.7.18 \n * Oracle MySQL Server 5.7.19 \n * Oracle MySQL Server 5.7.20 \n * Oracle MySQL Server 5.7.21 \n * Oracle MySQL Server 5.7.22 \n * Oracle MySQL Server 5.7.23 \n * Oracle MySQL Server 5.7.24 \n * Oracle MySQL Server 8.0.11 \n * Oracle MySQL Server 8.0.12 \n * Oracle MySQL Server 8.0.13 \n * Oracle PeopleSoft Enterprise PeopleTools 8.55 \n * Oracle PeopleSoft Enterprise PeopleTools 8.56 \n * Oracle PeopleSoft Enterprise PeopleTools 8.57 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.12 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 17.7 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 \n * Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 \n * Oracle Solaris 10 \n * Oracle Solaris 11.3 \n * Oracle Solaris 11.4 \n * Oracle Tuxedo 12.1.1.0.0 \n * Oracle VM VirtualBox 1.6 \n * Oracle VM VirtualBox 1.6.0 \n * Oracle VM VirtualBox 1.6.2 \n * Oracle VM VirtualBox 1.6.4 \n * Oracle VM VirtualBox 1.6.6 \n * Oracle VM VirtualBox 2.0.0 \n * Oracle VM VirtualBox 2.0.10 \n * Oracle VM VirtualBox 2.0.12 \n * Oracle VM VirtualBox 2.0.2 \n * Oracle VM VirtualBox 2.0.4 \n * Oracle VM VirtualBox 2.0.6 \n * Oracle VM VirtualBox 2.0.8 \n * Oracle VM VirtualBox 2.1.0 \n * Oracle VM VirtualBox 2.1.2 \n * Oracle VM VirtualBox 2.1.4 \n * Oracle VM VirtualBox 2.2 \n * Oracle VM VirtualBox 2.2.0 \n * Oracle VM VirtualBox 2.2.2 \n * Oracle VM VirtualBox 2.2.4 \n * Oracle VM VirtualBox 3.0 \n * Oracle VM VirtualBox 3.0.0 \n * Oracle VM VirtualBox 3.0.10 \n * Oracle VM VirtualBox 3.0.12 \n * Oracle VM VirtualBox 3.0.14 \n * Oracle VM VirtualBox 3.0.2 \n * Oracle VM VirtualBox 3.0.4 \n * Oracle VM VirtualBox 3.0.6 \n * Oracle VM VirtualBox 3.0.8 \n * Oracle VM VirtualBox 3.1 \n * Oracle VM VirtualBox 3.1.0 \n * Oracle VM VirtualBox 3.1.2 \n * Oracle VM VirtualBox 3.1.4 \n * Oracle VM VirtualBox 3.1.6 \n * Oracle VM VirtualBox 3.1.8 \n * Oracle VM VirtualBox 3.2 \n * Oracle VM VirtualBox 3.2.0 \n * Oracle VM VirtualBox 3.2.10 \n * Oracle VM VirtualBox 3.2.12 \n * Oracle VM VirtualBox 3.2.14 \n * Oracle VM VirtualBox 3.2.16 \n * Oracle VM VirtualBox 3.2.18 \n * Oracle VM VirtualBox 3.2.19 \n * Oracle VM VirtualBox 3.2.2 \n * Oracle VM VirtualBox 3.2.20 \n * Oracle VM VirtualBox 3.2.21 \n * Oracle VM VirtualBox 3.2.22 \n * Oracle VM VirtualBox 3.2.24 \n * Oracle VM VirtualBox 3.2.25 \n * Oracle VM VirtualBox 3.2.4 \n * Oracle VM VirtualBox 3.2.6 \n * Oracle VM VirtualBox 3.2.8 \n * Oracle VM VirtualBox 3.3 \n * Oracle VM VirtualBox 4.0 \n * Oracle VM VirtualBox 4.0.0 \n * Oracle VM VirtualBox 4.0.10 \n * Oracle VM VirtualBox 4.0.12 \n * Oracle VM VirtualBox 4.0.14 \n * Oracle VM VirtualBox 4.0.16 \n * Oracle VM VirtualBox 4.0.18 \n * Oracle VM VirtualBox 4.0.2 \n * Oracle VM VirtualBox 4.0.20 \n * Oracle VM VirtualBox 4.0.21 \n * Oracle VM VirtualBox 4.0.22 \n * Oracle VM VirtualBox 4.0.23 \n * Oracle VM VirtualBox 4.0.24 \n * Oracle VM VirtualBox 4.0.26 \n * Oracle VM VirtualBox 4.0.27 \n * Oracle VM VirtualBox 4.0.30 \n * Oracle VM VirtualBox 4.0.34 \n * Oracle VM VirtualBox 4.0.35 \n * Oracle VM VirtualBox 4.0.36 \n * Oracle VM VirtualBox 4.0.4 \n * Oracle VM VirtualBox 4.0.6 \n * Oracle VM VirtualBox 4.0.8 \n * Oracle VM VirtualBox 4.1 \n * Oracle VM VirtualBox 4.1.0 \n * Oracle VM VirtualBox 4.1.10 \n * Oracle VM VirtualBox 4.1.14 \n * Oracle VM VirtualBox 4.1.16 \n * Oracle VM VirtualBox 4.1.18 \n * Oracle VM VirtualBox 4.1.2 \n * Oracle VM VirtualBox 4.1.20 \n * Oracle VM VirtualBox 4.1.22 \n * Oracle VM VirtualBox 4.1.24 \n * Oracle VM VirtualBox 4.1.26 \n * Oracle VM VirtualBox 4.1.28 \n * Oracle VM VirtualBox 4.1.29 \n * Oracle VM VirtualBox 4.1.30 \n * Oracle VM VirtualBox 4.1.31 \n * Oracle VM VirtualBox 4.1.32 \n * Oracle VM VirtualBox 4.1.34 \n * Oracle VM VirtualBox 4.1.35 \n * Oracle VM VirtualBox 4.1.38 \n * Oracle VM VirtualBox 4.1.4 \n * Oracle VM VirtualBox 4.1.42 \n * Oracle VM VirtualBox 4.1.43 \n * Oracle VM VirtualBox 4.1.44 \n * Oracle VM VirtualBox 4.1.6 \n * Oracle VM VirtualBox 4.1.8 \n * Oracle VM VirtualBox 4.2 \n * Oracle VM VirtualBox 4.2.0 \n * Oracle VM VirtualBox 4.2.10 \n * Oracle VM VirtualBox 4.2.12 \n * Oracle VM VirtualBox 4.2.14 \n * Oracle VM VirtualBox 4.2.16 \n * Oracle VM VirtualBox 4.2.18 \n * Oracle VM VirtualBox 4.2.19 \n * Oracle VM VirtualBox 4.2.2 \n * Oracle VM VirtualBox 4.2.20 \n * Oracle VM VirtualBox 4.2.22 \n * Oracle VM VirtualBox 4.2.23 \n * Oracle VM VirtualBox 4.2.24 \n * Oracle VM VirtualBox 4.2.26 \n * Oracle VM VirtualBox 4.2.27 \n * Oracle VM VirtualBox 4.2.30 \n * Oracle VM VirtualBox 4.2.34 \n * Oracle VM VirtualBox 4.2.35 \n * Oracle VM VirtualBox 4.2.36 \n * Oracle VM VirtualBox 4.2.4 \n * Oracle VM VirtualBox 4.2.6 \n * Oracle VM VirtualBox 4.2.8 \n * Oracle VM VirtualBox 4.3 \n * Oracle VM VirtualBox 4.3.0 \n * Oracle VM VirtualBox 4.3.10 \n * Oracle VM VirtualBox 4.3.12 \n * Oracle VM VirtualBox 4.3.14 \n * Oracle VM VirtualBox 4.3.15 \n * Oracle VM VirtualBox 4.3.16 \n * Oracle VM VirtualBox 4.3.17 \n * Oracle VM VirtualBox 4.3.18 \n * Oracle VM VirtualBox 4.3.19 \n * Oracle VM VirtualBox 4.3.2 \n * Oracle VM VirtualBox 4.3.20 \n * Oracle VM VirtualBox 4.3.26 \n * Oracle VM VirtualBox 4.3.32 \n * Oracle VM VirtualBox 4.3.33 \n * Oracle VM VirtualBox 4.3.34 \n * Oracle VM VirtualBox 4.3.35 \n * Oracle VM VirtualBox 4.3.36 \n * Oracle VM VirtualBox 4.3.4 \n * Oracle VM VirtualBox 4.3.5 \n * Oracle VM VirtualBox 4.3.6 \n * Oracle VM VirtualBox 4.3.7 \n * Oracle VM VirtualBox 4.3.8 \n * Oracle VM VirtualBox 4.3.9 \n * Oracle VM VirtualBox 5.0 \n * Oracle VM VirtualBox 5.0.10 \n * Oracle VM VirtualBox 5.0.11 \n * Oracle VM VirtualBox 5.0.12 \n * Oracle VM VirtualBox 5.0.13 \n * Oracle VM VirtualBox 5.0.14 \n * Oracle VM VirtualBox 5.0.16 \n * Oracle VM VirtualBox 5.0.18 \n * Oracle VM VirtualBox 5.0.22 \n * Oracle VM VirtualBox 5.0.26 \n * Oracle VM VirtualBox 5.0.28 \n * Oracle VM VirtualBox 5.0.32 \n * Oracle VM VirtualBox 5.0.34 \n * Oracle VM VirtualBox 5.0.38 \n * Oracle VM VirtualBox 5.0.8 \n * Oracle VM VirtualBox 5.0.9 \n * Oracle VM VirtualBox 5.1.10 \n * Oracle VM VirtualBox 5.1.14 \n * Oracle VM VirtualBox 5.1.16 \n * Oracle VM VirtualBox 5.1.20 \n * Oracle VM VirtualBox 5.1.24 \n * Oracle VM VirtualBox 5.1.30 \n * Oracle VM VirtualBox 5.1.32 \n * Oracle VM VirtualBox 5.1.36 \n * Oracle VM VirtualBox 5.1.8 \n * Oracle VM VirtualBox 5.2.0 \n * Oracle VM VirtualBox 5.2.10 \n * Oracle VM VirtualBox 5.2.16 \n * Oracle VM VirtualBox 5.2.18 \n * Oracle VM VirtualBox 5.2.2 \n * Oracle VM VirtualBox 5.2.20 \n * Oracle VM VirtualBox 5.2.22 \n * Oracle VM VirtualBox 5.2.4 \n * Oracle VM VirtualBox 5.2.6 \n * Symantec Director 6.1 \n * Symantec PacketShaper 9.2 \n * Symantec PolicyCenter 9.2 \n * Symantec Security Analytics 7.2 \n * Symantec Security Analytics 7.3 \n * Symantec Security Analytics 8.0 \n * Symantec Web Isolation 1.12 \n * Tenable Nessus 1.0.1 \n * Tenable Nessus 3.0.3 \n * Tenable Nessus 4.0 \n * Tenable Nessus 4.4.1 \n * Tenable Nessus 5.0.2.23205 \n * Tenable Nessus 5.2.3 \n * Tenable Nessus 5.2.4 \n * Tenable Nessus 5.2.7 \n * Tenable Nessus 6.0.0 \n * Tenable Nessus 6.0.1 \n * Tenable Nessus 6.0.2 \n * Tenable Nessus 6.1.0 \n * Tenable Nessus 6.1.1 \n * Tenable Nessus 6.1.2 \n * Tenable Nessus 6.2.0 \n * Tenable Nessus 6.2.1 \n * Tenable Nessus 6.3.0 \n * Tenable Nessus 6.3.1 \n * Tenable Nessus 6.3.2 \n * Tenable Nessus 6.3.3 \n * Tenable Nessus 6.3.4 \n * Tenable Nessus 6.3.5 \n * Tenable Nessus 6.3.6 \n * Tenable Nessus 6.3.7 \n * Tenable Nessus 6.4.0 \n * Tenable Nessus 6.4.1 \n * Tenable Nessus 6.4.2 \n * Tenable Nessus 6.4.3 \n * Tenable Nessus 6.5.0 \n * Tenable Nessus 6.5.1 \n * Tenable Nessus 6.5.2 \n * Tenable Nessus 6.5.3 \n * Tenable Nessus 6.5.4 \n * Tenable Nessus 6.5.5 \n * Tenable Nessus 6.5.6 \n * Tenable Nessus 6.6.0 \n * Tenable Nessus 6.6.1 \n * Tenable Nessus 6.6.2 \n * Tenable Nessus 6.7.0 \n * Tenable Nessus 6.8.0 \n * Tenable Nessus 6.9.0 \n * Tenable Nessus 6.9.1 \n * Tenable Nessus 6.9.2 \n * Tenable Nessus 6.9.3 \n * Tenable Nessus 7.0 \n * Tenable Nessus 7.1.0 \n * Tenable Nessus 7.1.1 \n * Tenable Nessus 7.1.2 \n * Tenable Nessus 7.1.3 \n * Tenable Nessus 7.2.0 \n * Tenable Nessus 7.2.1 \n * Tenable Nessus 7.2.2 \n * Tenable Nessus 8.0.0 \n * Tenable Nessus 8.1.0 \n\n### Recommendations\n\n**Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.** \nGiven the local nature of this issue, grant only trusted and accountable individuals access to affected computers.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-10-30T00:00:00", "published": "2018-10-30T00:00:00", "id": "SMNTC-105758", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/105758", "type": "symantec", "title": "OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-18T20:47:27", "bulletinFamily": "software", "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2018-5407", "CVE-2019-1543", "CVE-2019-1552", "CVE-2019-1559"], "description": "### SUMMARY\n\nSymantec Network Protection products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. An attacker can recover DSA, ECDH, and ECDSA private keys through timing side-channel attacks. A remote attacker can also decrypt encrypted ciphertext and modify OpenSSL configuration and executable engine modules.\n\n \n\n### AFFECTED PRODUCTS\n\nBCAAA \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1552, \nCVE-2019-1559 | 6.1 (only when Novell SSO realm is used) | A fix will not be provided. The vulnerable OpenSSL library is in the Novell SSO SDK and an updated Novell SSO SDK is no longer available. Please contact Novell for more information. \n \n \n\nContent Analysis (CA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2019-1559 | 2.3 | Upgrade to a later version with fixes. \n2.4, 3.0, 3.1 | Not available at this time \nCVE-2018-5407 | 2.3 | Upgrade to a later version with fixes. \n2.4, 3.0 | Not available at this time \n3.1 | Not vulnerable, fixed in 3.1.0.0. \n \n \n\nDirector \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1552 | 6.1 | Upgrade to a version of MC with the fixes. \n \n \n\nMail Threat Defense (MTD) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0735, CVE-2018-5407, \nCVE-2019-1559 | 1.1 | Upgrade to a version of CAS and SMG with the fixes. \n \n \n\nMalware Analysis (MA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-5407, CVE-2019-1559 | 4.2 | Upgrade to a version of Content Analysis with fixes. \n \n \n\nManagement Center (MC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 2.2 | Upgrade to a later version with fixes. \n2.3 | Upgrade to 2.3.3.1. \n2.4 and later | Not vulnerable, fixed \n \n \n\nPacketShaper (PS) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PacketShaper S-Series with fixes. \n \n \n\nPacketShaper (PS) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 11.6, 11.9, 11.10 | A fix will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PS S-Series. Switch to a version of SSG with the vulnerability fixes. \n \n \n\nPolicyCenter (PC) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2019-1559 | 9.2 | Upgrade to a version of PolicyCenter S-Series with fixes. \n \n \n\nPolicyCenter (PC) S-Series \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407, CVE-2019-1559 | 1.1 | A fix will not be provided. Allot NetXplorer is a replacement product for PC S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n \n \n\nReporter \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2019-1559 | 10.3, 10.4 | Upgrade to a later version with fixes. \n10.5 | Not available at this time \n \n \n\nSecurity Analytics (SA) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-5407, \nCVE-2019-1559 | 7.2, 8.1, 8.2 | Not available at this time \n7.3, 8.0 | Upgrade to later version with fixes. \n \n \n\nWeb Isolation (WI) \n--- \n**CVE** | **Supported Version(s)** | **Remediation** \nCVE-2018-0734, CVE-2018-0735, \nCVE-2018-5407 | 1.12 | Upgrade to 1.12.13+250. \n1.13 and later | Not vulnerable, fixed. \n \n \n\n### ADDITIONAL PRODUCT INFORMATION\n\nThe following products are not vulnerable: \n**AuthConnector \nCDP for Salesforce \nCDP for ServiceNow \nCDP for Oracle CRM on Demand \nCDP Communication Server \nCDP Integration Server \nGeneral Auth Connector Login Application \nProxyAV \nProxyAV ConLog and ConLogXP \nProxySG \nSymantec HSM Agent for the Luna SP \nUnified Agent \nWSS Agent \nWSS Mobile Agent**\n\nThe following products are under investigation: \n**Advanced Secure Gateway \nCacheFlow \nSSL Visibility \nX-Series XOS**\n\n \n\n### ISSUES\n\nCVE-2018-0734 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105758](<https://www.securityfocus.com/bid/105758>) / NVD: [CVE-2018-0734](<https://nvd.nist.gov/vuln/detail/CVE-2018-0734>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the DSA signature algorithm implementation allows an attacker to recover DSA private keys. \n \n \n\nCVE-2018-0735 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105750](<https://www.securityfocus.com/bid/105750>) / NVD: [CVE-2018-0735](<https://nvd.nist.gov/vuln/detail/CVE-2018-0735>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in the ECDSA signature algorithm implementation allows an attacker to recover ECDSA private keys. \n \n \n\nCVE-2018-5407 \n--- \n**Severity / CVSSv3** | Medium / 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 105897](<https://www.securityfocus.com/bid/105897>) / NVD: [CVE-2018-5407](<https://nvd.nist.gov/vuln/detail/CVE-2018-5407>) \n**Impact** | Information disclosure \n**Description** | A timing side channel flaw in ECC scalar multiplication, used in ECDSA and ECDH signatures, allows a local attacker to recover ECDSA or ECDH private keys. \n \n \n\nCVE-2019-1543 \n--- \n**Severity / CVSSv3** | High / 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n**References** | SecurityFocus: [BID 107349](<https://www.securityfocus.com/bid/107349>) / NVD: [CVE-2019-1543](<https://nvd.nist.gov/vuln/detail/CVE-2019-1543>) \n**Impact** | Unspecified \n**Description** | An insufficient cryptographic parameter validation fault in the ChaCha20-Poly1305 cipher implementation allows an attacker to compromise data confidentiality and integrity through unspecified vectors. \n \n \n\nCVE-2019-1552 \n--- \n**Severity / CVSSv3** | Low / 3.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) \n**References** | SecurityFocus: [BID 109443](<https://www.securityfocus.com/bid/109443>) / NVD: [CVE-2019-1552](<https://nvd.nist.gov/vuln/detail/CVE-2019-1552>) \n**Impact** | Unauthorized modification of configuration and executable code \n**Description** | A fault in configuration file specification allows a local attacker to insert malicious CA certificates and modify OpenSSL configuration and executable engine modules. \n \n \n\nCVE-2019-1559 \n--- \n**Severity / CVSSv3** | Medium / 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n**References** | SecurityFocus: [BID 107174](<https://www.securityfocus.com/bid/107174>) / NVD: [CVE-2019-1559](<https://nvd.nist.gov/vuln/detail/CVE-2019-1559>) \n**Impact** | Information disclosure \n**Description** | A padding oracle fault in the SSL library allows a remote attacker to decrypt data encrypted inside the SSL tunnel. \n \n \n\n### REFERENCES \n\nOpenSSL Security Advisory [29 October 2018] - <https://www.openssl.org/news/secadv/20181029.txt> \nOpenSSL Security Advisory [30 October 2018] - <https://www.openssl.org/news/secadv/20181030.txt> \nOpenSSL Security Advisory [12 November 2018] - <https://www.openssl.org/news/secadv/20181112.txt> \nOpenSSL Security Advisory [26 February 2019] - <https://www.openssl.org/news/secadv/20190226.txt> \nOpenSSL Security Advisory [6 March 2019] - <https://www.openssl.org/news/secadv/20190306.txt> \nOpenSSL Security Advisory [30 July 2019] - <https://www.openssl.org/news/secadv/20190730.txt> \n \n\n### REVISION \n\n2021-02-18 A fix for CA 2.3 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-19 A fix for MTD 1.1 will not be provided. Please upgrade to a version of CAS and SMG with the vulnerability fixes. A fix for SA 7.3 and 8.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. A fix for Director 6.1 will not be provided. Please upgrade to a version of MC with the vulnerability fixes. A fix for Reporter 10.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2020-11-12 Content Analysis 3.1 is vulnerable to CVE-2018-0735 and CVE-2019-1559. Content Analysis 3.1 is not vulnerable to CVE-2018-5407 because a fix is available in 3.1.0.0. \n2020-04-05 Content Analysis 3.0 is vulnerable to CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. Reporter 10.5 is vulnerable to CVE-2019-1559. Fixes will not be provided for Management Center 2.2 and Reporter 10.3. Please upgrade to a later version with the vulnerability fixes. Security Analytics 8.1 is vulnerable to CVE-2018-0734, CVE-2018-5407, and CVE-2019-1559. \n2020-04-04 PacketShaper S-Series and PolicyCenter S-Series are vulnerable to CVE-2018-0734, CVE-2018-0735, CVE-2018-5407, and CVE-2019-1559. A fix for PacketShaper S-Series will not be provided. Allot Secure Services Gateway (SSG) is a replacement product for PacketShaper S-Series. Switch to a version of SSG with the vulnerability fixes. A fix for PolicyCenter S-Series will not be provided. Allot NetXplorer is a replacement product for PolicyCenter S-Series. Switch to a version of NetXplorer with the vulnerability fixes. \n2020-01-26 MC 2.4 is not vulnerable because a fix is available in 2.4.1.1. \n2020-01-19 A fix for Malware Analysis will not be provided. Please upgrade to a version of Content Analysis with the vulnerability fixes. \n2019-10-10 A fix for PacketShaper 9.2 will not be provided. Please upgrade to a version of PacketShaper S-Series with the vulnerability fixes. A fix for PolicyCenter 9.2 will not be provided. Please upgrade to a version of PolicyCenter S-Series with the vulnerability fixes. \n2019-10-07 WI 1.13 is not vulnerable. \n2019-10-04 A fix for MC 2.3 is available in 2.3.3.1. \n2019-09-09 Added SecurityFocus BID for CVE-2019-1552. \n2019-09-05 initial public release\n", "modified": "2021-02-18T18:54:21", "published": "2019-09-05T08:00:00", "id": "SMNTC-1490", "href": "", "type": "symantec", "title": "OpenSSL Vulnerabilities Oct 2018 - Jul 2019", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-08-19T21:14:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-19T00:00:00", "published": "2019-08-19T00:00:00", "id": "ELSA-2019-4754", "href": "http://linux.oracle.com/errata/ELSA-2019-4754.html", "title": "openssl security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-14T08:39:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2019-1559"], "description": "[1.0.2k-19.0.1]\n- Bump release for rebuild.\n[1.0.2k-19]\n- close the RSA decryption 9 lives of Bleichenbacher cat\n timing side channel (#1649568)\n[1.0.2k-18]\n- fix CVE-2018-0734 - DSA signature local timing side channel\n- fix CVE-2019-1559 - 0-byte record padding oracle\n- close the RSA decryption One & done EM side channel (#1619558)\n[1.0.2k-17]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 (and CVE-2018-0735) - EC signature local\n timing side-channel key extraction", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2304", "href": "http://linux.oracle.com/errata/ELSA-2019-2304.html", "title": "openssl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-21T23:24:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2019-1543", "CVE-2018-0735"], "description": "[1.1.1c-2]\n- do not try to use EC groups disallowed in FIPS mode\n in TLS\n- fix Valgrind regression with constant-time code\n[1.1.1c-1]\n- update to the 1.1.1c release\n[1.1.1b-6]\n- adjust the default cert pbe algorithm for pkcs12 -export\n in the FIPS mode\n[1.1.1b-5]\n- Fix small regressions related to the rebase\n[1.1.1b-3]\n- FIPS compliance fixes\n[1.1.1b-1]\n- update to the 1.1.1b release\n- EVP_KDF API backport from master\n- SSH KDF implementation for EVP_KDF API backport from master\n- add S390x chacha20-poly1305 assembler support from master branch", "edition": 1, "modified": "2019-11-14T00:00:00", "published": "2019-11-14T00:00:00", "id": "ELSA-2019-3700", "href": "http://linux.oracle.com/errata/ELSA-2019-3700.html", "title": "openssl security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407"], "description": "[1.0.2k-16.0.1.el7_6.1]\n- Bump release for rebuild.\n[1.0.2k-16.1]\n- use SHA-256 in FIPS RSA pairwise key check\n- fix CVE-2018-5407 - EC signature local timing side-channel key extraction", "edition": 3, "modified": "2019-03-13T00:00:00", "published": "2019-03-13T00:00:00", "id": "ELSA-2019-0483", "href": "http://linux.oracle.com/errata/ELSA-2019-0483.html", "title": "openssl security and bug fix update", "type": "oraclelinux", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2020-12-24T10:32:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "**CentOS Errata and Security Advisory** CESA-2019:0483\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2019-March/035257.html\n\n**Affected packages:**\nopenssl\nopenssl-devel\nopenssl-libs\nopenssl-perl\nopenssl-static\n\n**Upstream details at:**\n", "edition": 5, "modified": "2019-03-19T14:32:25", "published": "2019-03-19T14:32:25", "id": "CESA-2019:0483", "href": "http://lists.centos.org/pipermail/centos-announce/2019-March/035257.html", "title": "openssl security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:58:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407", "CVE-2018-0735"], "description": "Package : openssl\nVersion : 1.0.1t-1+deb8u10\nCVE ID : CVE-2018-0735 CVE-2018-5407\n\n\nCVE-2018-0735\n Samuel Weiser reported a timing vulnerability in the OpenSSL ECDSA\n signature generation, which might leak information to recover the\n private key.\n\nCVE-2018-5407\n Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar\n Pereida Garcia and Nicola Tuveri reported a vulnerability to a\n timing side channel attack, which might be used to recover the\n private key.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1.0.1t-1+deb8u10.\n\nWe recommend that you upgrade your openssl packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 10, "modified": "2018-11-21T21:45:41", "published": "2018-11-21T21:45:41", "id": "DEBIAN:DLA-1586-1:00096", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00024.html", "title": "[SECURITY] [DLA 1586-1] openssl security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-15T01:11:31", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0735", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4348-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 30, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0735 CVE-2018-0737 \n CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 16, "modified": "2018-11-30T22:26:35", "published": "2018-11-30T22:26:35", "id": "DEBIAN:DSA-4348-1:05673", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00280.html", "title": "[SECURITY] [DSA 4348-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-26T13:05:38", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0732", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-0737"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4355-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nDecember 19, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl1.0\nCVE ID : CVE-2018-0732 CVE-2018-0734 CVE-2018-0737 CVE-2018-5407\n\nSeveral local side channel attacks and a denial of service via large\nDiffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for\nstretch will be based on the 1.0.2x upstream releases.\n\nWe recommend that you upgrade your openssl1.0 packages.\n\nFor the detailed security status of openssl1.0 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl1.0\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 19, "modified": "2018-12-19T22:30:16", "published": "2018-12-19T22:30:16", "id": "DEBIAN:DSA-4355-1:1415E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00287.html", "title": "[SECURITY] [DSA 4355-1] openssl1.0 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2020-12-24T07:30:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0735", "CVE-2018-5407"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)", "modified": "2020-12-24T11:35:39", "published": "2019-03-12T12:21:31", "id": "RHSA-2019:0483", "href": "https://access.redhat.com/errata/RHSA-2019:0483", "type": "redhat", "title": "(RHSA-2019:0483) Moderate: openssl security and bug fix update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-05T23:04:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735", "CVE-2019-1543"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nThe following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026)\n\nSecurity Fix(es):\n\n* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)\n\n* openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735)\n\n* openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.", "modified": "2019-11-06T02:45:54", "published": "2019-11-06T01:52:19", "id": "RHSA-2019:3700", "href": "https://access.redhat.com/errata/RHSA-2019:3700", "type": "redhat", "title": "(RHSA-2019:3700) Low: openssl security, bug fix, and enhancement update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T14:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-5407"], "description": "For a list of changes included in this release, please read the Ansible Tower Release Notes: https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html", "modified": "2019-03-26T19:15:27", "published": "2019-03-26T19:14:33", "id": "RHSA-2019:0651", "href": "https://access.redhat.com/errata/RHSA-2019:0651", "type": "redhat", "title": "(RHSA-2019:0651) Moderate: Red Hat Ansible Tower 3.4.3", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2018-11-24T21:04:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "This update for openssl-1_1 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-0735: timing vulnerability in ECDSA signature generation\n (bsc#1113651).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-11-24T18:11:36", "published": "2018-11-24T18:11:36", "id": "OPENSUSE-SU-2018:3890-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00043.html", "title": "Security update for openssl-1_1 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-24T21:04:34", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - Add missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n\n Non-security issues fixed:\n\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2018-11-24T18:18:01", "published": "2018-11-24T18:18:01", "id": "OPENSUSE-SU-2018:3903-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00046.html", "title": "Security update for openssl (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-08T17:30:05", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "This update for openssl-1_0_0 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Added elliptic curve scalar multiplication timing attack\n defenses that fixes "PortSmash" (bsc#1113534).\n\n Non-security issues fixed:\n\n - Added missing timing side channel patch for DSA signature generation\n (bsc#1113742).\n - Set TLS version to 0 in msg_callback for record messages to avoid\n confusing applications (bsc#1100078).\n - Fixed infinite loop in DSA generation with incorrect parameters\n (bsc#1112209)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2018-12-08T15:08:25", "published": "2018-12-08T15:08:25", "id": "OPENSUSE-SU-2018:4050-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00018.html", "title": "Security update for openssl-1_0_0 (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-12-13T05:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407", "CVE-2016-8610"], "description": "This update for compat-openssl098 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation\n (bsc#1113652).\n - CVE-2018-5407: Fixed elliptic curve scalar multiplication timing attack\n defenses (bsc#1113534).\n - CVE-2016-8610: Adjusted current fix and add missing error string\n (bsc#1110018).\n - Fixed the "One and Done" side-channel attack on RSA (bsc#1104789).\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "edition": 1, "modified": "2018-12-13T03:13:21", "published": "2018-12-13T03:13:21", "id": "OPENSUSE-SU-2018:4104-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00026.html", "title": "Security update for compat-openssl098 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "Arch Linux Security Advisory ASA-201812-5\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-0735\nPackage : openssl\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-792\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.a-1 is vulnerable to private\nkey recovery.\n\nResolution\n==========\n\nUpgrade to 1.1.1.a-1.\n\n# pacman -Syu \"openssl>=1.1.1.a-1\"\n\nThe problems have been fixed upstream in version 1.1.1.a.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-0735 (private key recovery)\n\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack in openssl versions prior to 1.1.1a. An\nattacker could use variations in the signing algorithm to recover the\nprivate key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private ECDSA or DSA key\nvia a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181029.txt\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-0735", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-5", "href": "https://security.archlinux.org/ASA-201812-5", "type": "archlinux", "title": "[ASA-201812-5] openssl: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "Arch Linux Security Advisory ASA-201812-6\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-0735\nPackage : lib32-openssl\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-793\n\nSummary\n=======\n\nThe package lib32-openssl before version 1:1.1.1.a-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1:1.1.1.a-1.\n\n# pacman -Syu \"lib32-openssl>=1:1.1.1.a-1\"\n\nThe problems have been fixed upstream in version 1.1.1.a.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-0735 (private key recovery)\n\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable\nto a timing side channel attack in openssl versions prior to 1.1.1a. An\nattacker could use variations in the signing algorithm to recover the\nprivate key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private ECDSA or DSA key\nvia a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181029.txt\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-0735", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-6", "href": "https://security.archlinux.org/ASA-201812-6", "type": "archlinux", "title": "[ASA-201812-6] lib32-openssl: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-8\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-807\n\nSummary\n=======\n\nThe package openssl-1.0 before version 1.0.2.q-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu \"openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-8", "href": "https://security.archlinux.org/ASA-201812-8", "type": "archlinux", "title": "[ASA-201812-8] openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "Arch Linux Security Advisory ASA-201812-7\n=========================================\n\nSeverity: Low\nDate : 2018-12-08\nCVE-ID : CVE-2018-0734 CVE-2018-5407\nPackage : lib32-openssl-1.0\nType : private key recovery\nRemote : Yes\nLink : https://security.archlinux.org/AVG-806\n\nSummary\n=======\n\nThe package lib32-openssl-1.0 before version 1.0.2.q-1 is vulnerable to\nprivate key recovery.\n\nResolution\n==========\n\nUpgrade to 1.0.2.q-1.\n\n# pacman -Syu \"lib32-openssl-1.0>=1.0.2.q-1\"\n\nThe problems have been fixed upstream in version 1.0.2.q.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-0734 (private key recovery)\n\nA timing vulnerability has been found in DSA signature generation in\nopenssl versions up to and including 1.1.1, where information is leaked\nvia a side channel when a BN is resized and could lead to private key\nrecovery.\n\n- CVE-2018-5407 (private key recovery)\n\nA vulnerability has been found in the ECC scalar multiplication\nimplementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation,\nused in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An\nattacker with sufficient access to mount local timing attacks during\nECDSA signature generation could recover the private key.\n\nImpact\n======\n\nA remote attacker might be able to recover a private DSA key via a\ntiming attack. In addition, a local attacker might be able to recover a\nprivate ECC key via a timing attack.\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20181030.txt\nhttps://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f\nhttps://github.com/openssl/openssl/pull/7486\nhttps://www.openssl.org/news/secadv/20181112.txt\nhttps://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0c\nhttps://security.archlinux.org/CVE-2018-0734\nhttps://security.archlinux.org/CVE-2018-5407", "modified": "2018-12-08T00:00:00", "published": "2018-12-08T00:00:00", "id": "ASA-201812-7", "href": "https://security.archlinux.org/ASA-201812-7", "type": "archlinux", "title": "[ASA-201812-7] lib32-openssl-1.0: private key recovery", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-0735"], "description": "\nThe OpenSSL project reports:\n\nTiming vulnerability in ECDSA signature generation\n\t (CVE-2018-0735): The OpenSSL ECDSA signature algorithm has been\n\t shown to be vulnerable to a timing side channel attack. An\n\t attacker could use variations in the signing algorithm to\n\t recover the private key (Low).\nTiming vulnerability in DSA signature generation (CVE-2018-0734):\n\t Avoid a timing attack that leaks information via a side channel\n\t that triggers when a BN is resized. Increasing the size of the\n\t BNs prior to doing anything with them suppresses the attack (Low).\n\t \n\n", "edition": 5, "modified": "2018-11-10T00:00:00", "published": "2018-10-29T00:00:00", "id": "238AE7DE-DBA2-11E8-B713-B499BAEBFEAF", "href": "https://vuxml.freebsd.org/freebsd/238ae7de-dba2-11e8-b713-b499baebfeaf.html", "title": "OpenSSL -- Multiple vulnerabilities in 1.1 branch", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:31:48", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12123", "CVE-2018-0734", "CVE-2018-5407", "CVE-2018-12120", "CVE-2018-0735", "CVE-2018-12122", "CVE-2018-12121", "CVE-2018-12116"], "description": "\nNode.js reports:\n\nUpdates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement. They also include upgrades of Node.js 6 and 8 to OpenSSL 1.0.2q, and upgrades of Node.js 10 and 11 to OpenSSL 1.1.0j.\nWe recommend that all Node.js users upgrade to a version listed below as soon as possible.\nDebugger port 5858 listens on any interface by default (CVE-2018-12120)\nAll versions of Node.js 6 are vulnerable and the severity is HIGH. When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as node --debug=localhost. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.\nDenial of Service with large HTTP headers (CVE-2018-12121)\nAll versions of 6 and later are vulnerable and the severity is HIGH. By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nThe total size of HTTP headers received by Node.js now must not exceed 8192 bytes.\n\"Slowloris\" HTTP Denial of Service (CVE-2018-12122)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. Attack potential is mitigated by the use of a load balancer or other proxy layer.\nA timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service.\nHostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\nAll versions of Node.js 6 and later are vulnerable and the severity is LOW. If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.\nHTTP request splitting (CVE-2018-12116)\nNode.js 6 and 8 are vulnerable and the severity is MEDIUM. If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.\nOpenSSL Timing vulnerability in ECDSA signature generation (CVE-2018-0735)\nThe OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Timing vulnerability in DSA signature generation (CVE-2018-0734)\nThe OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side-channel attack. An attacker could use variations in the signing algorithm to recover the private key.\nOpenSSL Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side-channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.\n\n", "edition": 5, "modified": "2018-11-27T00:00:00", "published": "2018-11-27T00:00:00", "id": "2A86F45A-FC3C-11E8-A414-00155D006B02", "href": "https://vuxml.freebsd.org/freebsd/2a86f45a-fc3c-11e8-a414-00155d006b02.html", "title": "node.js -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "New openssl packages are available for Slackware 14.2 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n This update fixes a timing side-channel flaw on processors which implement\n SMT/Hyper-Threading architectures, and a side channel attack on DSA\n signature generation that could allow an attacker to recover the private key.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded.\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz", "modified": "2018-11-22T06:43:55", "published": "2018-11-22T06:43:55", "id": "SSA-2018-325-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.576913", "type": "slackware", "title": "[slackware-security] openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "aix": [{"lastseen": "2019-05-29T19:19:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0734", "CVE-2018-5407"], "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Tue Dec 11 09:37:36 CST 2018\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nhttps://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\nftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc\n\n\nSecurity Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734, \n CVE-2018-5407)\n\n\n===============================================================================\n\nSUMMARY:\n\n There are vulnerabilities in OpenSSL used by AIX.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2018-0734\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive \n information, caused by a timing side channel attack in the DSA \n signature algorithm. An attacker could exploit this vulnerability \n using variations in the signing algorithm to recover the private key.\n CVSS Base Score: 3.7\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 \n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n CVEID: CVE-2018-5407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n DESCRIPTION: Multiple SMT/Hyper-Threading architectures and \n processors could allow a local attacker to obtain sensitive \n information, caused by execution engine sharing on Simultaneous \n Multithreading (SMT) architecture. By using the PortSmash new \n side-channel attack, an attacker could run a malicious process next \n to legitimate processes using the architectures parallel thread \n running capabilities to leak encrypted data from the CPU's internal \n processes. Note: This vulnerability is known as PortSmash.\n CVSS Base Score: 5.1\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/152484\n for the current score\n CVSS Environmental Score*: Undefined\n CVSS Vector:(CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n AIX 5.3, 6.1, 7.1, 7.2\n VIOS 2.2.x\n\n The following fileset levels are vulnerable:\n \n key_fileset = osrcaix\n\n Fileset Lower Level Upper Level KEY\n ------------------------------------------------------\n openssl.base 1.0.2.500 1.0.2.1600 key_w_fs\n openssl.base 20.13.102.1000 20.16.102.1600 key_w_fs\n\n Note:\n A. 0.9.8, 1.0.1 OpenSSL versions are out-of-support. Customers are\n advised to upgrade to currently supported OpenSSL 1.0.2 version.\n\n B. Latest level of OpenSSL fileset is available from the web download site:\n https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp&S_PKG=openssl\n \n To find out whether the affected filesets are installed on your systems,\n refer to the lslpp command found in the AIX user's guide.\n\n Example: lslpp -L | grep -i openssl.base\n\n REMEDIATION:\n\n A. FIXES\n\n The fixes can be downloaded via ftp or http from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n http://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n https://aix.software.ibm.com/aix/efixes/security/openssl_fix29.tar\n\n The links above are to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n \n Note that the tar file contains Interim fixes that are based on\n OpenSSL version, and AIX OpenSSL fixes are cumulative.\n\n You must be on the 'prereq for installation' level before\n applying the interim fix. This may require installing a new\n level(prereq version) first.\n\n\n AIX Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 5.3, 6.1, 7.1, 7.2 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix\n 5.3, 6.1, 7.1, 7.2 fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n VIOS Level Interim Fix (*.Z) Fileset Name(prereq for installation) KEY\n --------------------------------------------------------------------------------------------\n 2.2.x 102p_fix.181127.epkg.Z openssl.base(1.0.2.1600) key_w_fix \n 2.2.x fips_102p.181127.epkg.Z openssl.base(20.16.102.1600) key_w_fix\n\n\n To extract the fixes from the tar file:\n\n tar xvf openssl_fix29.tar\n cd openssl_fix29\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the followng:\n\n openssl dgst -sha256 filename KEY\n -----------------------------------------------------------------------------------------------------\n 4f68017e5ff53cb74e0f6e30fc0410193dd1641e7997a5a9e4bc630d47666eaf 102p_fix.181127.epkg.Z key_w_csum\n 42714d3f644d4b3250314721ae2e32f0680fea264f9b358a50f7fe9c07713b38 fips_102p.181127.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. If the sums or signatures cannot be\n confirmed, contact IBM AIX Support at\n https://ibm.com/support/ and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n\n http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc.sig\n\n B. FIX AND INTERIM FIX INSTALLATION\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n\n \n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n Note: Keywords labeled as KEY in this document are used for parsing\n purposes.\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n https://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n https://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Contact IBM Support for questions related to this announcement:\n\n http://ibm.com/support/\n https://ibm.com/support/\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\nftp://ftp.software.ibm.com/systems/power/AIX/systems_p_os_aix_security_pubkey.txt\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n\n Complete CVSS v3 Guide:\n http://www.first.org/cvss/user-guide\n https://www.first.org/cvss/user-guide\n On-line Calculator v3:\n http://www.first.org/cvss/calculator/3.0\n https://www.first.org/cvss/calculator/3.0\n\n\nRELATED INFORMATION:\n\n Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2018-0734,\n CVE-2018-5407)\n https://www-01.ibm.com/support/docview.wss?uid=ibm10742759\n\n\nACKNOWLEDGEMENTS:\n\n None.\n\n\nCHANGE HISTORY:\n\n First Issued: Tue Dec 11 09:37:36 CST 2018\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will\nultimately impact the Overall CVSS Score. Customers can evaluate the impact\nof this vulnerability in their environments by accessing the links in the\nReference section of this Security Bulletin.\n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the\nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard\ndesigned to convey vulnerability severity and help to determine urgency and\npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY\nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS\nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT\nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n", "edition": 4, "modified": "2018-12-11T09:37:36", "published": "2018-12-11T09:37:36", "id": "OPENSSL_ADVISORY29.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc", "title": "There are vulnerabilities in OpenSSL used by AIX.", "type": "aix", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0495", "CVE-2018-0734", "CVE-2018-0735"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2019-01-18T02:14:55", "published": "2019-01-18T02:14:55", "id": "FEDORA:67D5B602F037", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: openssl-1.1.1a-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openssl": [{"lastseen": "2020-09-14T11:36:03", "bulletinFamily": "software", "cvelist": ["CVE-2018-0735"], "description": " The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Reported by Samuel Weiser. \n\n * Fixed in OpenSSL 1.1.1a [(git commit)](<https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4>) (Affected 1.1.1)\n * Fixed in OpenSSL 1.1.0j [(git commit)](<https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1>) (Affected 1.1.0-1.1.0i)\n", "edition": 1, "modified": "2018-10-29T00:00:00", "published": "2018-10-29T00:00:00", "id": "OPENSSL:CVE-2018-0735", "href": "https://www.openssl.org/news/secadv/20181029.txt", "title": "Vulnerability in OpenSSL - Timing vulnerability in ECDSA signature generation ", "type": "openssl", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T11:36:02", "bulletinFamily": "software", "cvelist": ["CVE-2018-5407"], "description": " OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. Reported by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\n * Fixed in OpenSSL 1.1.0i [(git commit)](<https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e>) (Affected 1.1.0-1.1.0h)\n * Fixed in OpenSSL 1.0.2q [(git commit)](<https://github.com/openssl/openssl/commit/b18162a7c9bbfb57112459a4d6631fa258fd8c0cq>) (Affected 1.0.2-1.0.2p)\n", "edition": 1, "modified": "2018-11-02T00:00:00", "published": "2018-11-02T00:00:00", "id": "OPENSSL:CVE-2018-5407", "href": "https://www.openssl.org/news/secadv/20181112.txt", "title": "Vulnerability in OpenSSL - Microarchitecture timing vulnerability in ECC scalar multiplication ", "type": "openssl", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}]}
