CVE-2018-0734

medium

Description

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

http://www.securityfocus.com/bid/105758

https://access.redhat.com/errata/RHSA-2019:2304

https://access.redhat.com/errata/RHSA-2019:3700

https://access.redhat.com/errata/RHSA-2019:3932

https://access.redhat.com/errata/RHSA-2019:3933

https://access.redhat.com/errata/RHSA-2019:3935

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7

https://lists.fedoraproject.org/archives/list/[email protected]/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/

https://lists.fedoraproject.org/archives/list/[email protected]/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

https://security.netapp.com/advisory/ntap-20181105-0002/

https://security.netapp.com/advisory/ntap-20190118-0002/

https://security.netapp.com/advisory/ntap-20190423-0002/

https://usn.ubuntu.com/3840-1/

https://www.debian.org/security/2018/dsa-4348

https://www.debian.org/security/2018/dsa-4355

https://www.openssl.org/news/secadv/20181030.txt

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2018-16

https://www.tenable.com/security/tns-2018-17

Details

Source: MITRE

Published: 2018-10-30

Updated: 2020-08-24

Type: CWE-327

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.0.2 to 1.0.2p (inclusive)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from 1.1.0 to 1.1.0i (inclusive)

cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from 6.9.0 to 6.15.1 (inclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from 8.9.0 to 8.14.0 (inclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from 10.13.0 to 10.14.1 (inclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* versions from 11.0.0 to 11.4.0 (inclusive)

Configuration 5

AND

OR

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:e-business_suite_technology_stack:0.9.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:e-business_suite_technology_stack:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:* versions from 3.0 to 3.12.3 (inclusive)

cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:* versions from 4.0 to 4.1.2 (inclusive)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:8.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:15.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:16.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:* versions from 17.7 to 17.12 (inclusive)

cpe:2.3:a:oracle:primavera_p6_professional_project_management:18.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145661 | CentOS 8 : openssl (CESA-2019:3700) | Nessus | CentOS Local Security Checks | high |
| 137321 | Photon OS 1.0: Nodejs PHSA-2020-1.0-0298 | Nessus | PhotonOS Local Security Checks | medium |
| 134085 | Photon OS 2.0: Nodejs PHSA-2020-2.0-0210 | Nessus | PhotonOS Local Security Checks | medium |
| 132467 | NewStart CGSL CORE 5.05 / MAIN 5.05 : openssl Multiple Vulnerabilities (NS-SA-2019-0254) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131584 | EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430) | Nessus | Huawei Local Security Checks | low |
| 131216 | RHEL 7 : JBoss Core Services (RHSA-2019:3933) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | high |
| 131215 | RHEL 6 : JBoss Core Services (RHSA-2019:3932) (0-Length Headers Leak) (Data Dribble) (Internal Data Buffering) (Resource Loop) | Nessus | Red Hat Local Security Checks | high |
| 131030 | Amazon Linux 2 : openssl (ALAS-2019-1362) | Nessus | Amazon Linux Local Security Checks | medium |
| 130680 | EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218) | Nessus | Huawei Local Security Checks | low |
| 130567 | RHEL 8 : openssl (RHSA-2019:3700) | Nessus | Red Hat Local Security Checks | high |
| 129941 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0206) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129653 | Fedora 31 : 1:compat-openssl10 (2019-db06efdea1) | Nessus | Fedora Local Security Checks | high |
| 129368 | Fedora 29 : 1:compat-openssl10 (2019-9a0a7c0986) | Nessus | Fedora Local Security Checks | high |
| 129319 | Fedora 30 : 1:compat-openssl10 (2019-00c25b9379) | Nessus | Fedora Local Security Checks | high |
| 129201 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2008) | Nessus | Huawei Local Security Checks | medium |
| 128946 | EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2019-1943) | Nessus | Huawei Local Security Checks | medium |
| 128388 | CentOS 7 : openssl (CESA-2019:2304) | Nessus | CentOS Local Security Checks | medium |
| 128247 | Scientific Linux Security Update : openssl on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127734 | openSUSE Security Update : virtualbox (openSUSE-2019-1814) | Nessus | SuSE Local Security Checks | critical |
| 127710 | RHEL 7 : openssl (RHSA-2019:2304) | Nessus | Red Hat Local Security Checks | medium |
| 126931 | EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1755) | Nessus | Huawei Local Security Checks | medium |
| 126859 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2019-1732) | Nessus | Huawei Local Security Checks | medium |
| 126281 | EulerOS 2.0 SP8 : openssl (EulerOS-SA-2019-1654) | Nessus | Huawei Local Security Checks | medium |
| 126046 | SUSE SLES12 Security Update : openssl (SUSE-SU-2019:1553-1) | Nessus | SuSE Local Security Checks | medium |
| 125844 | openSUSE Security Update : virtualbox (openSUSE-2019-1547) | Nessus | SuSE Local Security Checks | high |
| 125707 | AIX OpenSSL Advisory : openssl_advisory29.asc | Nessus | AIX Local Security Checks | medium |
| 125147 | Oracle Enterprise Manager Ops Center (Apr 2019 CPU) | Nessus | Misc. | critical |
| 700631 | MySQL 8.0.x < 8.0.15 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus Network Monitor | Database | high |
| 700630 | MySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus Network Monitor | Database | high |
| 700628 | MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus Network Monitor | Database | high |
| 700623 | MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus Network Monitor | Database | high |
| 124171 | Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU) | Nessus | Misc. | medium |
| 124169 | Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU) | Nessus | CGI abuses | critical |
| 124157 | Oracle Enterprise Manager Cloud Control (Apr 2019 CPU) | Nessus | Misc. | high |
| 124118 | Oracle E-Business Suite Multiple Vulnerabilities (Apr 2019 CPU) | Nessus | Misc. | critical |
| 123735 | EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1267) | Nessus | Huawei Local Security Checks | medium |
| 123402 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2019-985) | Nessus | SuSE Local Security Checks | medium |
| 123386 | openSUSE Security Update : openssl-1_1 (openSUSE-2019-956) | Nessus | SuSE Local Security Checks | medium |
| 123081 | Amazon Linux AMI : openssl (ALAS-2019-1153) | Nessus | Amazon Linux Local Security Checks | medium |
| 122418 | openSUSE Security Update : nodejs6 (openSUSE-2019-234) | Nessus | SuSE Local Security Checks | high |
| 122230 | SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0395-1) | Nessus | SuSE Local Security Checks | high |
| 121899 | Photon OS 1.0: Openssl PHSA-2018-1.0-0199 | Nessus | PhotonOS Local Security Checks | medium |
| 121608 | openSUSE Security Update : mysql-community-server (openSUSE-2019-138) | Nessus | SuSE Local Security Checks | high |
| 121415 | openSUSE Security Update : nodejs4 (openSUSE-2019-88) | Nessus | SuSE Local Security Checks | high |
| 121411 | openSUSE Security Update : virtualbox (openSUSE-2019-84) | Nessus | SuSE Local Security Checks | high |
| 121385 | OpenSSL 1.1.1 < 1.1.1a Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 121384 | OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 121383 | OpenSSL 1.0.x < 1.0.2q Multiple Vulnerabilities | Nessus | Web Servers | medium |
| 121366 | Amazon Linux 2 : openssl (ALAS-2019-1153) | Nessus | Amazon Linux Local Security Checks | medium |
| 121292 | SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1) | Nessus | SuSE Local Security Checks | high |
| 121247 | Oracle VM VirtualBox 5.2.x < 5.2.24 / 6.0.x < 6.0.2 (Jan 2019 CPU) | Nessus | Misc. | high |
| 121239 | Fedora 29 : 1:openssl (2019-a8ffcff7ee) | Nessus | Fedora Local Security Checks | medium |
| 121229 | MySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus | Databases | high |
| 121228 | MySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus | Databases | high |
| 121227 | MySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU) | Nessus | Databases | high |
| 700392 | Oracle MySQL 5.7.x < 5.7.24 Multiple Vulnerabilities | Nessus Network Monitor | Database | high |
| 700391 | Oracle MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities | Nessus Network Monitor | Database | high |
| 700390 | Oracle MySQL 8.0.x < 8.0.13 Multiple Vulnerabilities | Nessus Network Monitor | Database | high |
| 120198 | Tenable Nessus < 7.1.4 Multiple Vulnerabilities (TNS-2018-17) | Nessus | Misc. | medium |
| 120197 | Tenable Nessus < 8.1.1 Multiple Vulnerabilities (TNS-2018-16) | Nessus | Misc. | medium |
| 120180 | SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2018:4001-1) | Nessus | SuSE Local Security Checks | medium |
| 120166 | SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2018:3863-1) | Nessus | SuSE Local Security Checks | medium |
| 119938 | Node.js Multiple Vulnerabilities (November 2018 Security Releases) | Nessus | Misc. | high |
| 119937 | SUSE SLES11 Security Update : openssl (SUSE-SU-2018:4274-1) | Nessus | SuSE Local Security Checks | medium |
| 119792 | Debian DSA-4355-1 : openssl1.0 - security update | Nessus | Debian Local Security Checks | medium |
| 119646 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:4068-1) | Nessus | SuSE Local Security Checks | medium |
| 119641 | openSUSE Security Update : compat-openssl098 (openSUSE-2018-1529) | Nessus | SuSE Local Security Checks | medium |
| 119547 | openSUSE Security Update : openssl-1_0_0 (openSUSE-2018-1518) | Nessus | SuSE Local Security Checks | medium |
| 119511 | FreeBSD : node.js -- multiple vulnerabilities (2a86f45a-fc3c-11e8-a414-00155d006b02) | Nessus | FreeBSD Local Security Checks | high |
| 119497 | Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : openssl, openssl1.0 vulnerabilities (USN-3840-1) | Nessus | Ubuntu Local Security Checks | medium |
| 119457 | SUSE SLED12 / SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2018:3989-1) | Nessus | SuSE Local Security Checks | medium |
| 119313 | Debian DSA-4348-1 : openssl - security update | Nessus | Debian Local Security Checks | medium |
| 119299 | SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2018:3945-1) | Nessus | SuSE Local Security Checks | medium |
| 119140 | openSUSE Security Update : openssl-1_1 (openSUSE-2018-1465) | Nessus | SuSE Local Security Checks | medium |
| 119139 | openSUSE Security Update : openssl (openSUSE-2018-1464) | Nessus | SuSE Local Security Checks | medium |
| 119117 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:3866-1) | Nessus | SuSE Local Security Checks | medium |
| 119116 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:3864-1) | Nessus | SuSE Local Security Checks | medium |
| 119113 | Slackware 14.0 / 14.1 / 14.2 / current : openssl (SSA:2018-325-01) | Nessus | Slackware Local Security Checks | medium |
| 118496 | FreeBSD : OpenSSL -- Multiple vulnerabilities in 1.1 branch (238ae7de-dba2-11e8-b713-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium |