Log

CVE-2018-0495 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Private key recovery
Description
+ An implementation flaw has been discovered in multiple cryptographic libraries that allows a side-channel-based attacker to recover ECDSA or DSA private keys. When these cryptographic libraries use the private key to create a signature, such as for a TLS or SSH connection, they inadvertently leak information through memory caches. An unprivileged attacker running on the same machine can collect the information from a few thousand signatures and recover the value of the private key.
References
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=9010d1576e278a4274ad3f4aa15776c28f6ba965;hp=7b6c2afd699e889f5f054cc3d202a61bd0ee1dcf
+ https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
+ https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
Notes
CVE-2018-0497 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Information disclosure
Description
+ A remote plaintext recovery security issue has been found in Mbed TLS before 2.12.0, 2.7.5 or 2.1.14, when using a CBC-based ciphersuite. To be able to mount an attack, the attacker has to be able to observe and manipulate network packets and, for TLS, to be able to generate multiple sessions where the same plaintext is sent. For DTLS a single session is sufficient. The attacker can then partially recover the plaintext of messages by exploiting timing side-channels. The attack is feasible for all versions of TLS and DTLS, from 1.0 to 1.2.
References
+ https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
Notes
CVE-2018-0500 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ It has been discovered that curl before 7.61.0 might overflow a heap-based memory buffer when sending data over SMTP and using a reduced read buffer.
+
+ When sending data over SMTP, curl allocates a separate "scratch area" on the heap to be able to escape the uploaded data properly if the uploaded data contains data that requires it. The size of this temporary scratch area was mistakenly made to be 2 * sizeof(download_buffer) when it should have been made 2 * sizeof(upload_buffer). The upload and the download buffer sizes are identically sized by default (16KB), but since version 7.54.1, curl can resize the download buffer into a smaller buffer (as well as a larger one). If the download buffer size is set to a value smaller than 10923, the Curl_smtp_escape_eob() function might overflow the scratch buffer when sending content of sufficient size that needs escaping. The curl command line tool lowers the buffer size when --limit-rate is set to a value smaller than 16KB.
References
+ https://curl.haxx.se/docs/adv_2018-70a2.html
Notes
CVE-2018-0502 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Insufficient validation
Description
+ An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
References
+ https://bugs.debian.org/908000
+ https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
Notes
CVE-2018-0503 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in the rate limiting feature of mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
References
+ https://phabricator.wikimedia.org/T169545
+ https://github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
Notes
CVE-2018-0505 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ A security issue has been found in mediawiki < 1.31.1 where BotPassword can bypass CentralAuth's account lock.
References
+ https://phabricator.wikimedia.org/T194605
+ https://github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
Notes
CVE-2018-0732 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Denial of service
Description
+ During key agreement in a TLS handshake using a DH(E)-based ciphersuite, a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime, resulting in a hang until the client has finished. This could be exploited in a denial-of-service attack.
References
+ https://www.openssl.org/news/secadv/20180612.txt
+ https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
+ https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098
Notes
CVE-2018-0734 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Private key recovery
Description
+ A timing vulnerability has been found in DSA signature generation in OpenSSL versions up to and including 1.1.1, where information is leaked via a side channel when a BN is resized and could lead to private key recovery.
References
+ https://www.openssl.org/news/secadv/20181030.txt
+ https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+ https://github.com/openssl/openssl/pull/7486
Notes
CVE-2018-0735 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Remote
Type
+ Private key recovery
Description
+ The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in OpenSSL versions prior to 1.1.1a. An attacker could use timing variations in the signing algorithm to recover the private key.
References
+ https://www.openssl.org/news/secadv/20181029.txt
+ https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
Notes
CVE-2018-0737 created at 25 Sep 2019 19:31:40
Severity
+ Low
Remote
+ Local
Type
+ Private key recovery
Description
+ A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
References
+ https://www.openssl.org/news/secadv/20180416.txt
+ https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
+ https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f
Notes