CVE-2018-0734

Severity

43%

Complexity

86%

Confidentiality

48%

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

CVSS 3.0 Base Score 5.9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 6 years ago

2018-10-30 12:29:00

Last updated 5 years ago

2019-06-11 22:29:00

Affected Software

OpenSSL Project OpenSSL

OpenSSL Project OpenSSL 1.1.1

1.1.1

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 18.04 LTS Edition

18.04

Canonical Ubuntu Linux 18.10

18.10

Debian Linux 9.0

9.0

Oracle API Gateway 11.1.2.4.0

11.1.2.4.0

Oracle E-Business Suite Technology Stack 0.9.8

0.9.8

Oracle E-Business Suite Technology Stack 1.0.0

1.0.0

Oracle E-Business Suite Technology Stack 1.0.1

1.0.1

Oracle Enterprise Manager Base Platform 12.1.0.5.0

12.1.0.5.0

Oracle Enterprise Manager Base Platform 13.2.0.0.0

13.2.0.0.0

Oracle Enterprise Manager Base Platform 13.3.0.0.0

13.3.0.0.0

Oracle Enterprise Manager Ops Center 12.3.3

12.3.3

Oracle PeopleSoft Enterprise PeopleTools 8.55

8.55

Oracle PeopleSoft Enterprise PeopleTools 8.56

8.56

Oracle PeopleSoft Enterprise PeopleTools 8.57

8.57

Oracle Primavera P6 Professional Project Management 8.4

8.4

Oracle Primavera P6 Professional Project Management 15.1

15.1

Oracle Primavera P6 Professional Project Management 15.2

15.2

Oracle Primavera P6 Professional Project Management 16.1

16.1

Oracle Primavera P6 Professional Project Management 16.2

16.2

Oracle Primavera P6 Professional Project Management 18.8

18.8

Oracle Tuxedo 12.1.1.0.0

12.1.1.0.0

References

openSUSE-SU-2019:1547

openSUSE-SU-2019:1814

105758

Third Party Advisory, VDB Entry

RHSA-2019:2304

RHSA-2019:3700

RHSA-2019:3932

RHSA-2019:3933

RHSA-2019:3935

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac

Patch, Third Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

Patch, Third Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7

Patch, Third Party Advisory

FEDORA-2019-db06efdea1

FEDORA-2019-9a0a7c0986

FEDORA-2019-00c25b9379

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20181105-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190118-0002/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20190423-0002/

Third Party Advisory

USN-3840-1

Third Party Advisory

DSA-4348

Third Party Advisory

DSA-4355

Third Party Advisory

https://www.openssl.org/news/secadv/20181030.txt

Vendor Advisory

N/A

https://www.oracle.com/security-alerts/cpujan2020.html

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Patch, Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch, Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://www.tenable.com/security/tns-2018-16

Third Party Advisory

https://www.tenable.com/security/tns-2018-17

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.