CVE-2018-0737 MEDIUM

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Additional Descriptions (1)

Se ha demostrado que el algoritmo de generación de claves RSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral de caché. Un atacante con acceso suficiente para montar ataques de sincronización de caché durante el proceso de generación de claves RSA podría recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0i-dev (afecta a 1.1.0-1.1.0h). Se ha solucionado en OpenSSL 1.0.2p-dev (afecta a 1.0.2b-1.0.2o).

Source	Type	Description
[email protected]	Primary	en CWE-327

• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  Source: [email protected]
• http://www.securityfocus.com/bid/103766
  Source: [email protected]
  Third Party Advisory VDB Entry
• http://www.securitytracker.com/id/1040685
  Source: [email protected]
  Third Party Advisory VDB Entry
• https://access.redhat.com/errata/RHSA-2018:3221
  Source: [email protected]
• https://access.redhat.com/errata/RHSA-2018:3505
  Source: [email protected]
• https://access.redhat.com/errata/RHSA-2019:3932
  Source: [email protected]
• https://access.redhat.com/errata/RHSA-2019:3933
  Source: [email protected]
• https://access.redhat.com/errata/RHSA-2019:3935
  Source: [email protected]
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
  Source: [email protected]
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
  Source: [email protected]
• https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
  Source: [email protected]
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
  Source: [email protected]
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
  Source: [email protected]
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
  Source: [email protected]
• https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
  Source: [email protected]
• https://security.gentoo.org/glsa/201811-21
  Source: [email protected]
• https://security.netapp.com/advisory/ntap-20180726-0003/
  Source: [email protected]
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
  Source: [email protected]
• https://usn.ubuntu.com/3628-1/
  Source: [email protected]
  Third Party Advisory
• https://usn.ubuntu.com/3628-2/
  Source: [email protected]
  Third Party Advisory
• https://usn.ubuntu.com/3692-1/
  Source: [email protected]
• https://usn.ubuntu.com/3692-2/
  Source: [email protected]
• https://www.debian.org/security/2018/dsa-4348
  Source: [email protected]
• https://www.debian.org/security/2018/dsa-4355
  Source: [email protected]
• https://www.openssl.org/news/secadv/20180416.txt
  Source: [email protected]
  Vendor Advisory
• https://www.oracle.com//security-alerts/cpujul2021.html
  Source: [email protected]
• https://www.oracle.com/security-alerts/cpuapr2020.html
  Source: [email protected]
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Source: [email protected]
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  Source: [email protected]
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Source: [email protected]
• https://www.tenable.com/security/tns-2018-12
  Source: [email protected]
• https://www.tenable.com/security/tns-2018-13
  Source: [email protected]
• https://www.tenable.com/security/tns-2018-14
  Source: [email protected]
• https://www.tenable.com/security/tns-2018-17
  Source: [email protected]
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• http://www.securityfocus.com/bid/103766
  Source: af854a3a-2127-422b-91ae-364da2661108
  Third Party Advisory VDB Entry
• http://www.securitytracker.com/id/1040685
  Source: af854a3a-2127-422b-91ae-364da2661108
  Third Party Advisory VDB Entry
• https://access.redhat.com/errata/RHSA-2018:3221
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://access.redhat.com/errata/RHSA-2018:3505
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://access.redhat.com/errata/RHSA-2019:3932
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://access.redhat.com/errata/RHSA-2019:3933
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://access.redhat.com/errata/RHSA-2019:3935
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://security.gentoo.org/glsa/201811-21
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://security.netapp.com/advisory/ntap-20180726-0003/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://securityadvisories.paloaltonetworks.com/Home/Detail/133
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://usn.ubuntu.com/3628-1/
  Source: af854a3a-2127-422b-91ae-364da2661108
  Third Party Advisory
• https://usn.ubuntu.com/3628-2/
  Source: af854a3a-2127-422b-91ae-364da2661108
  Third Party Advisory
• https://usn.ubuntu.com/3692-1/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://usn.ubuntu.com/3692-2/
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.debian.org/security/2018/dsa-4348
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.debian.org/security/2018/dsa-4355
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.openssl.org/news/secadv/20180416.txt
  Source: af854a3a-2127-422b-91ae-364da2661108
  Vendor Advisory
• https://www.oracle.com//security-alerts/cpujul2021.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.oracle.com/security-alerts/cpuapr2020.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.tenable.com/security/tns-2018-12
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.tenable.com/security/tns-2018-13
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.tenable.com/security/tns-2018-14
  Source: af854a3a-2127-422b-91ae-364da2661108
• https://www.tenable.com/security/tns-2018-17
  Source: af854a3a-2127-422b-91ae-364da2661108