OpenSSL CVE-2018-0734 Side Channel Attack Information Disclosure Vulnerability

2018-10-3000:00:00

Symantec Security Response

www.symantec.com

JSON

Description

OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.

Technologies Affected

Bluecoat BCAAA 6.1
IBM AIX 5.3
IBM AIX 6.1
IBM AIX 7.1
IBM Aix 7.2
IBM DataPower Gateway 2018.4.1.0
IBM DataPower Gateway 2018.4.1.2
IBM DataPower Gateway 2018.4.1.5
IBM DataPower Gateway 2018.4.1.6
IBM DataPower Gateway 2018.4.1.8
IBM DataPower Gateway 7.6.0.0
IBM DataPower Gateway 7.6.0.10
IBM DataPower Gateway 7.6.0.11
IBM DataPower Gateway 7.6.0.12
IBM DataPower Gateway 7.6.0.14
IBM DataPower Gateway 7.6.0.15
IBM DataPower Gateway 7.6.0.17
IBM DataPower Gateway 7.6.0.3
IBM DataPower Gateway 7.6.0.8
IBM DataPower Gateway 7.6.0.9
IBM DataPower Gateways 7.6.0.0
IBM DataPower Gateways 7.6.0.1
IBM DataPower Gateways 7.6.0.5
IBM DataPower Gateways 7.6.0.6
IBM DataPower Gateways 7.6.0.8
IBM Vios 2.2.0
IBM Vios 2.2.0.10
IBM Vios 2.2.0.11
IBM Vios 2.2.0.12
IBM Vios 2.2.0.13
IBM Vios 2.2.1.0
IBM Vios 2.2.1.1
IBM Vios 2.2.1.3
IBM Vios 2.2.1.4
IBM Vios 2.2.1.8
IBM Vios 2.2.1.9
IBM Vios 2.2.2.0
IBM Vios 2.2.2.4
IBM Vios 2.2.2.5
IBM Vios 2.2.2.6
IBM Vios 2.2.3
IBM Vios 2.2.3.0
IBM Vios 2.2.3.2
IBM Vios 2.2.3.3
IBM Vios 2.2.3.4
IBM Vios 2.2.3.50
IBM Vios 2.2.4.0
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2 Beta1
OpenSSL Project OpenSSL 1.0.2-1.0.2o
OpenSSL Project OpenSSL 1.0.2a
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2i
OpenSSL Project OpenSSL 1.0.2j
OpenSSL Project OpenSSL 1.0.2k
OpenSSL Project OpenSSL 1.0.2l
OpenSSL Project OpenSSL 1.0.2l-git
OpenSSL Project OpenSSL 1.0.2m
OpenSSL Project OpenSSL 1.0.2n
OpenSSL Project OpenSSL 1.0.2o
OpenSSL Project OpenSSL 1.0.2p
OpenSSL Project OpenSSL 1.0.2p-dev
OpenSSL Project OpenSSL 1.1.0
OpenSSL Project OpenSSL 1.1.0a
OpenSSL Project OpenSSL 1.1.0b
OpenSSL Project OpenSSL 1.1.0c
OpenSSL Project OpenSSL 1.1.0d
OpenSSL Project OpenSSL 1.1.0e
OpenSSL Project OpenSSL 1.1.0f
OpenSSL Project OpenSSL 1.1.0g
OpenSSL Project OpenSSL 1.1.0h
OpenSSL Project OpenSSL 1.1.0i
OpenSSL Project OpenSSL 1.1.1
Oracle API Gateway 11.1.2.4.0
Oracle E-Business Suite 0.9.8
Oracle E-Business Suite 1.0.0
Oracle E-Business Suite 1.0.1
Oracle Endeca Server 7.7.0
Oracle Enterprise Manager Base Platform 12.1.0.5.0
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle MySQL Enterprise Backup 3.10.0
Oracle MySQL Enterprise Backup 3.10.1
Oracle MySQL Enterprise Backup 3.12.2
Oracle MySQL Enterprise Backup 3.12.3
Oracle MySQL Enterprise Backup 4.0.1
Oracle MySQL Enterprise Backup 4.0.3
Oracle MySQL Enterprise Backup 4.1.2
Oracle MySQL Server 5.6.15
Oracle MySQL Server 5.6.16
Oracle MySQL Server 5.6.20
Oracle MySQL Server 5.6.21
Oracle MySQL Server 5.6.22
Oracle MySQL Server 5.6.23
Oracle MySQL Server 5.6.24
Oracle MySQL Server 5.6.25
Oracle MySQL Server 5.6.26
Oracle MySQL Server 5.6.27
Oracle MySQL Server 5.6.28
Oracle MySQL Server 5.6.29
Oracle MySQL Server 5.6.30
Oracle MySQL Server 5.6.33
Oracle MySQL Server 5.6.34
Oracle MySQL Server 5.6.35
Oracle MySQL Server 5.6.36
Oracle MySQL Server 5.6.37
Oracle MySQL Server 5.6.38
Oracle MySQL Server 5.6.39
Oracle MySQL Server 5.6.40
Oracle MySQL Server 5.6.41
Oracle MySQL Server 5.6.42
Oracle MySQL Server 5.7.0
Oracle MySQL Server 5.7.12
Oracle MySQL Server 5.7.15
Oracle MySQL Server 5.7.16
Oracle MySQL Server 5.7.17
Oracle MySQL Server 5.7.18
Oracle MySQL Server 5.7.19
Oracle MySQL Server 5.7.20
Oracle MySQL Server 5.7.21
Oracle MySQL Server 5.7.22
Oracle MySQL Server 5.7.23
Oracle MySQL Server 5.7.24
Oracle MySQL Server 8.0.11
Oracle MySQL Server 8.0.12
Oracle MySQL Server 8.0.13
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Primavera P6 Enterprise Project Portfolio Management 15.2
Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
Oracle Primavera P6 Enterprise Project Portfolio Management 17.12
Oracle Primavera P6 Enterprise Project Portfolio Management 17.7
Oracle Primavera P6 Enterprise Project Portfolio Management 18.8
Oracle Primavera P6 Enterprise Project Portfolio Management 8.4
Oracle Solaris 10
Oracle Solaris 11.3
Oracle Solaris 11.4
Oracle Tuxedo 12.1.1.0.0
Oracle VM VirtualBox 1.6
Oracle VM VirtualBox 1.6.0
Oracle VM VirtualBox 1.6.2
Oracle VM VirtualBox 1.6.4
Oracle VM VirtualBox 1.6.6
Oracle VM VirtualBox 2.0.0
Oracle VM VirtualBox 2.0.10
Oracle VM VirtualBox 2.0.12
Oracle VM VirtualBox 2.0.2
Oracle VM VirtualBox 2.0.4
Oracle VM VirtualBox 2.0.6
Oracle VM VirtualBox 2.0.8
Oracle VM VirtualBox 2.1.0
Oracle VM VirtualBox 2.1.2
Oracle VM VirtualBox 2.1.4
Oracle VM VirtualBox 2.2
Oracle VM VirtualBox 2.2.0
Oracle VM VirtualBox 2.2.2
Oracle VM VirtualBox 2.2.4
Oracle VM VirtualBox 3.0
Oracle VM VirtualBox 3.0.0
Oracle VM VirtualBox 3.0.10
Oracle VM VirtualBox 3.0.12
Oracle VM VirtualBox 3.0.14
Oracle VM VirtualBox 3.0.2
Oracle VM VirtualBox 3.0.4
Oracle VM VirtualBox 3.0.6
Oracle VM VirtualBox 3.0.8
Oracle VM VirtualBox 3.1
Oracle VM VirtualBox 3.1.0
Oracle VM VirtualBox 3.1.2
Oracle VM VirtualBox 3.1.4
Oracle VM VirtualBox 3.1.6
Oracle VM VirtualBox 3.1.8
Oracle VM VirtualBox 3.2
Oracle VM VirtualBox 3.2.0
Oracle VM VirtualBox 3.2.10
Oracle VM VirtualBox 3.2.12
Oracle VM VirtualBox 3.2.14
Oracle VM VirtualBox 3.2.16
Oracle VM VirtualBox 3.2.18
Oracle VM VirtualBox 3.2.19
Oracle VM VirtualBox 3.2.2
Oracle VM VirtualBox 3.2.20
Oracle VM VirtualBox 3.2.21
Oracle VM VirtualBox 3.2.22
Oracle VM VirtualBox 3.2.24
Oracle VM VirtualBox 3.2.25
Oracle VM VirtualBox 3.2.4
Oracle VM VirtualBox 3.2.6
Oracle VM VirtualBox 3.2.8
Oracle VM VirtualBox 3.3
Oracle VM VirtualBox 4.0
Oracle VM VirtualBox 4.0.0
Oracle VM VirtualBox 4.0.10
Oracle VM VirtualBox 4.0.12
Oracle VM VirtualBox 4.0.14
Oracle VM VirtualBox 4.0.16
Oracle VM VirtualBox 4.0.18
Oracle VM VirtualBox 4.0.2
Oracle VM VirtualBox 4.0.20
Oracle VM VirtualBox 4.0.21
Oracle VM VirtualBox 4.0.22
Oracle VM VirtualBox 4.0.23
Oracle VM VirtualBox 4.0.24
Oracle VM VirtualBox 4.0.26
Oracle VM VirtualBox 4.0.27
Oracle VM VirtualBox 4.0.30
Oracle VM VirtualBox 4.0.34
Oracle VM VirtualBox 4.0.35
Oracle VM VirtualBox 4.0.36
Oracle VM VirtualBox 4.0.4
Oracle VM VirtualBox 4.0.6
Oracle VM VirtualBox 4.0.8
Oracle VM VirtualBox 4.1
Oracle VM VirtualBox 4.1.0
Oracle VM VirtualBox 4.1.10
Oracle VM VirtualBox 4.1.14
Oracle VM VirtualBox 4.1.16
Oracle VM VirtualBox 4.1.18
Oracle VM VirtualBox 4.1.2
Oracle VM VirtualBox 4.1.20
Oracle VM VirtualBox 4.1.22
Oracle VM VirtualBox 4.1.24
Oracle VM VirtualBox 4.1.26
Oracle VM VirtualBox 4.1.28
Oracle VM VirtualBox 4.1.29
Oracle VM VirtualBox 4.1.30
Oracle VM VirtualBox 4.1.31
Oracle VM VirtualBox 4.1.32
Oracle VM VirtualBox 4.1.34
Oracle VM VirtualBox 4.1.35
Oracle VM VirtualBox 4.1.38
Oracle VM VirtualBox 4.1.4
Oracle VM VirtualBox 4.1.42
Oracle VM VirtualBox 4.1.43
Oracle VM VirtualBox 4.1.44
Oracle VM VirtualBox 4.1.6
Oracle VM VirtualBox 4.1.8
Oracle VM VirtualBox 4.2
Oracle VM VirtualBox 4.2.0
Oracle VM VirtualBox 4.2.10
Oracle VM VirtualBox 4.2.12
Oracle VM VirtualBox 4.2.14
Oracle VM VirtualBox 4.2.16
Oracle VM VirtualBox 4.2.18
Oracle VM VirtualBox 4.2.19
Oracle VM VirtualBox 4.2.2
Oracle VM VirtualBox 4.2.20
Oracle VM VirtualBox 4.2.22
Oracle VM VirtualBox 4.2.23
Oracle VM VirtualBox 4.2.24
Oracle VM VirtualBox 4.2.26
Oracle VM VirtualBox 4.2.27
Oracle VM VirtualBox 4.2.30
Oracle VM VirtualBox 4.2.34
Oracle VM VirtualBox 4.2.35
Oracle VM VirtualBox 4.2.36
Oracle VM VirtualBox 4.2.4
Oracle VM VirtualBox 4.2.6
Oracle VM VirtualBox 4.2.8
Oracle VM VirtualBox 4.3
Oracle VM VirtualBox 4.3.0
Oracle VM VirtualBox 4.3.10
Oracle VM VirtualBox 4.3.12
Oracle VM VirtualBox 4.3.14
Oracle VM VirtualBox 4.3.15
Oracle VM VirtualBox 4.3.16
Oracle VM VirtualBox 4.3.17
Oracle VM VirtualBox 4.3.18
Oracle VM VirtualBox 4.3.19
Oracle VM VirtualBox 4.3.2
Oracle VM VirtualBox 4.3.20
Oracle VM VirtualBox 4.3.26
Oracle VM VirtualBox 4.3.32
Oracle VM VirtualBox 4.3.33
Oracle VM VirtualBox 4.3.34
Oracle VM VirtualBox 4.3.35
Oracle VM VirtualBox 4.3.36
Oracle VM VirtualBox 4.3.4
Oracle VM VirtualBox 4.3.5
Oracle VM VirtualBox 4.3.6
Oracle VM VirtualBox 4.3.7
Oracle VM VirtualBox 4.3.8
Oracle VM VirtualBox 4.3.9
Oracle VM VirtualBox 5.0
Oracle VM VirtualBox 5.0.10
Oracle VM VirtualBox 5.0.11
Oracle VM VirtualBox 5.0.12
Oracle VM VirtualBox 5.0.13
Oracle VM VirtualBox 5.0.14
Oracle VM VirtualBox 5.0.16
Oracle VM VirtualBox 5.0.18
Oracle VM VirtualBox 5.0.22
Oracle VM VirtualBox 5.0.26
Oracle VM VirtualBox 5.0.28
Oracle VM VirtualBox 5.0.32
Oracle VM VirtualBox 5.0.34
Oracle VM VirtualBox 5.0.38
Oracle VM VirtualBox 5.0.8
Oracle VM VirtualBox 5.0.9
Oracle VM VirtualBox 5.1.10
Oracle VM VirtualBox 5.1.14
Oracle VM VirtualBox 5.1.16
Oracle VM VirtualBox 5.1.20
Oracle VM VirtualBox 5.1.24
Oracle VM VirtualBox 5.1.30
Oracle VM VirtualBox 5.1.32
Oracle VM VirtualBox 5.1.36
Oracle VM VirtualBox 5.1.8
Oracle VM VirtualBox 5.2.0
Oracle VM VirtualBox 5.2.10
Oracle VM VirtualBox 5.2.16
Oracle VM VirtualBox 5.2.18
Oracle VM VirtualBox 5.2.2
Oracle VM VirtualBox 5.2.20
Oracle VM VirtualBox 5.2.22
Oracle VM VirtualBox 5.2.4
Oracle VM VirtualBox 5.2.6
Symantec Director 6.1
Symantec PacketShaper 9.2
Symantec PolicyCenter 9.2
Symantec Security Analytics 7.2
Symantec Security Analytics 7.3
Symantec Security Analytics 8.0
Symantec Web Isolation 1.12
Tenable Nessus 1.0.1
Tenable Nessus 3.0.3
Tenable Nessus 4.0
Tenable Nessus 4.4.1
Tenable Nessus 5.0.2.23205
Tenable Nessus 5.2.3
Tenable Nessus 5.2.4
Tenable Nessus 5.2.7
Tenable Nessus 6.0.0
Tenable Nessus 6.0.1
Tenable Nessus 6.0.2
Tenable Nessus 6.1.0
Tenable Nessus 6.1.1
Tenable Nessus 6.1.2
Tenable Nessus 6.2.0
Tenable Nessus 6.2.1
Tenable Nessus 6.3.0
Tenable Nessus 6.3.1
Tenable Nessus 6.3.2
Tenable Nessus 6.3.3
Tenable Nessus 6.3.4
Tenable Nessus 6.3.5
Tenable Nessus 6.3.6
Tenable Nessus 6.3.7
Tenable Nessus 6.4.0
Tenable Nessus 6.4.1
Tenable Nessus 6.4.2
Tenable Nessus 6.4.3
Tenable Nessus 6.5.0
Tenable Nessus 6.5.1
Tenable Nessus 6.5.2
Tenable Nessus 6.5.3
Tenable Nessus 6.5.4
Tenable Nessus 6.5.5
Tenable Nessus 6.5.6
Tenable Nessus 6.6.0
Tenable Nessus 6.6.1
Tenable Nessus 6.6.2
Tenable Nessus 6.7.0
Tenable Nessus 6.8.0
Tenable Nessus 6.9.0
Tenable Nessus 6.9.1
Tenable Nessus 6.9.2
Tenable Nessus 6.9.3
Tenable Nessus 7.0
Tenable Nessus 7.1.0
Tenable Nessus 7.1.1
Tenable Nessus 7.1.2
Tenable Nessus 7.1.3
Tenable Nessus 7.2.0
Tenable Nessus 7.2.1
Tenable Nessus 7.2.2
Tenable Nessus 8.0.0
Tenable Nessus 8.1.0

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
oracle vm virtualboxeq4.1.28
oracle vm virtualboxeq4.1.24
oracle vm virtualboxeq4.2.23
oracle vm virtualboxeq2.2.0
oracle vm virtualboxeq4.2.22
oracle vm virtualboxeq1.6.2
oracle vm virtualboxeq5.1.10
oracle vm virtualboxeq5.2.6
oracle vm virtualboxeq5.0.18
ibm vioseq2.2.0.13

Name	Operator	Version
oracle vm virtualbox	eq	4.1.28
oracle vm virtualbox	eq	4.1.24
oracle vm virtualbox	eq	4.2.23
oracle vm virtualbox	eq	2.2.0
oracle vm virtualbox	eq	4.2.22
oracle vm virtualbox	eq	1.6.2
oracle vm virtualbox	eq	5.1.10
oracle vm virtualbox	eq	5.2.6
oracle vm virtualbox	eq	5.0.18
ibm vios	eq	2.2.0.13