25 matches found
EUVD-2018-2915
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-10846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination ...
SUSE CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local
Summary Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-10844 DESCRIPTION: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct...
EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1136)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...
Updated gnutls packages fix security vulnerabilities
The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...
Side-Channel Attack
libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...
gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
Debian DSA-4296-1 : mbedtls - security update
Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-429...
[SECURITY] [DSA 4296-1] mbedtls security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4296-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...
DEBIAN-CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...
Cross site scripting
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...
Code injection
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...
CVE-2018-10846
CVE-2018-10846 describes a cache-based side-channel in GnuTLS that can enable plaintext recovery in cross-VM settings. An attacker could combine a Just in Time Prime+probe attack with a Lucky-13 attack by sending crafted packets to exploit this vulnerability. Remediation in publicly documented ad...
CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...
UBUNTU-CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
PT-2018-3451 · Gnu +5 · Gnutls +5
Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: The issue is related to the GnuTLS implementation of HMAC-SHA-384, which is vulnerable to a Lucky thirteen style attack. This allows remote attackers to conduct distinguishing attacks and...