CVE-2013-1620

MEDIUM

Description

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

References

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html

http://openwall.com/lists/oss-security/2013/02/05/24

http://rhn.redhat.com/errata/RHSA-2013-1135.html

http://rhn.redhat.com/errata/RHSA-2013-1144.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://security.gentoo.org/glsa/glsa-201406-19.xml

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/57777

http://www.securityfocus.com/bid/64758

http://www.ubuntu.com/usn/USN-1763-1

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Details

Source: MITRE

Published: 2013-02-08

Updated: 2018-10-09

Type: CWE-310

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 127200 | NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033) | Nessus | NewStart CGSL Local Security Checks | high |
| 89670 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check) | Nessus | Misc. | medium |
| 80713 | Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen) | Nessus | Solaris Local Security Checks | medium |
| 78969 | RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181) | Nessus | Red Hat Local Security Checks | medium |
| 78198 | F5 Networks BIG-IP : TLS in Mozilla NSS vulnerability (K15630) | Nessus | F5 Networks Local Security Checks | medium |
| 76178 | GLSA-201406-19 : Mozilla Network Security Service: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 74965 | openSUSE Security Update : Mozilla Firefox and others (openSUSE-SU-2013:0630-1) | Nessus | SuSE Local Security Checks | critical |
| 71578 | Amazon Linux AMI : nspr (ALAS-2013-266) | Nessus | Amazon Linux Local Security Checks | high |
| 71577 | Amazon Linux AMI : nss (ALAS-2013-265) | Nessus | Amazon Linux Local Security Checks | high |
| 71424 | Scientific Linux Security Update : nss, nspr, and nss-util on SL6.x i386/x86_64 (20131212) | Nessus | Scientific Linux Local Security Checks | high |
| 71306 | Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20131205) | Nessus | Scientific Linux Local Security Checks | high |
| 71245 | VMSA-2013-0015 : VMware ESX updates to third-party libraries | Nessus | VMware ESX Local Security Checks | high |
| 70221 | Amazon Linux AMI : nss (ALAS-2013-217) | Nessus | Amazon Linux Local Security Checks | medium |
| 70220 | Amazon Linux AMI : nspr (ALAS-2013-216) | Nessus | Amazon Linux Local Security Checks | medium |
| 69279 | Scientific Linux Security Update : nss, nss-util, nss-softokn, and nspr on SL6.x i386/x86_64 (20130807) | Nessus | Scientific Linux Local Security Checks | medium |
| 69256 | RHEL 6 : nss, nss-util, nss-softokn, and nspr (RHSA-2013:1144) | Nessus | Red Hat Local Security Checks | medium |
| 69253 | Oracle Linux 6 : nspr / nss / nss-softokn / nss-util (ELSA-2013-1144) | Nessus | Oracle Linux Local Security Checks | medium |
| 69247 | CentOS 6 : nss / nss-util / nss-softokn / nspr (CESA-2013:1144) | Nessus | CentOS Local Security Checks | medium |
| 69223 | Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20130805) | Nessus | Scientific Linux Local Security Checks | medium |
| 69222 | RHEL 5 : nss and nspr (RHSA-2013:1135) | Nessus | Red Hat Local Security Checks | medium |
| 69221 | Oracle Linux 5 : nspr / nss (ELSA-2013-1135) | Nessus | Oracle Linux Local Security Checks | medium |
| 69215 | CentOS 5 : nss (CESA-2013:1135) | Nessus | CentOS Local Security Checks | medium |
| 66064 | Mandriva Linux Security Advisory : nss (MDVSA-2013:050) | Nessus | Mandriva Local Security Checks | medium |
| 65572 | Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : nss vulnerability (USN-1763-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65532 | Fedora 17 : nspr-4.9.5-2.fc17 / nss-3.14.3-1.fc17 / nss-softokn-3.14.3-1.fc17 / etc (2013-3079) | Nessus | Fedora Local Security Checks | medium |
| 64941 | Fedora 18 : nspr-4.9.5-2.fc18 / nss-3.14.3-1.fc18 / nss-softokn-3.14.3-1.fc18 / etc (2013-2929) | Nessus | Fedora Local Security Checks | medium |