FreeBSD : Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman (bcdeb6d2-f02d-11ea-838a-0011d823eebd)

high Nessus Plugin ID 140313

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Manuel Pegourie-Gonnard reports :

An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) can recover the private keys used in RSA or static (finite-field) Diffie-Hellman operations.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?5bf23ce3

http://www.nessus.org/u?79533a17

Plugin Details

Severity: High

ID: 140313

File Name: freebsd_pkg_bcdeb6d2f02d11ea838a0011d823eebd.nasl

Version: 1.1

Type: local

Published: 9/8/2020

Updated: 9/8/2020

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mbedtls, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/6/2020

Vulnerability Publication Date: 9/1/2020