OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
BID:103766
CVE-2018-737 |Info
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
| Bugtraq ID: | 103766 |
| Class: | Design Error |
| CVE: |
CVE-2018-0737 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 16 2018 12:00AM |
| Updated: | Feb 13 2019 01:00PM |
| Credit: | Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia. |
| Vulnerable: |
Tenable Nessus 7.2.1 Tenable Nessus 7.2 Tenable Nessus 7.1.3 Tenable Nessus 7.1.2 Tenable Nessus 7.1.1 Tenable Nessus 7.1 Tenable Nessus 6.9.3 Tenable Nessus 6.9 Tenable Nessus 6.8 Tenable Nessus 6.7 Tenable Nessus 6.6.2 Tenable Nessus 6.6.1 Tenable Nessus 6.6 Tenable Nessus 6.5.6 Tenable Nessus 6.5.5 Tenable Nessus 6.5.4 Tenable Nessus 6.5.3 Tenable Nessus 6.5.2 Tenable Nessus 6.5.1 Tenable Nessus 6.5 Tenable Nessus 6.4.3 Tenable Nessus 6.4.2 Tenable Nessus 6.4.1 Tenable Nessus 6.4 Tenable Nessus 6.3.7 Tenable Nessus 6.3.6 Tenable Nessus 6.3.5 Tenable Nessus 6.3.4 Tenable Nessus 6.3.3 Tenable Nessus 6.3.2 Tenable Nessus 6.3.1 Tenable Nessus 6.3 Tenable Nessus 6.2.1 Tenable Nessus 6.2 Tenable Nessus 6.1.2 Tenable Nessus 6.1.1 Tenable Nessus 6.1 Tenable Nessus 6.0.2 Tenable Nessus 6.0.1 Tenable Nessus 6.0 Tenable Nessus 7.0 Tenable Nessus 6.9.2 Tenable Nessus 6.9.1 Paloaltonetworks WF-500 0 Paloaltonetworks PAN-OS 8.1.3 Paloaltonetworks PAN-OS 8.1.2 Paloaltonetworks PAN-OS 8.1.1 Paloaltonetworks PAN-OS 8.1 Paloaltonetworks PAN-OS 8.0.12 Paloaltonetworks PAN-OS 8.0.9 Paloaltonetworks PAN-OS 8.0.8 Paloaltonetworks PAN-OS 8.0.2 Paloaltonetworks PAN-OS 8.0.1 Paloaltonetworks PAN-OS 7.1.19 Paloaltonetworks PAN-OS 7.1.16 Paloaltonetworks PAN-OS 7.1.12 Paloaltonetworks PAN-OS 7.1.11 Paloaltonetworks PAN-OS 7.1.9 Paloaltonetworks PAN-OS 7.1.5 Paloaltonetworks PAN-OS 7.1.4 Paloaltonetworks PAN-OS 7.1.3 Paloaltonetworks PAN-OS 7.1.2 Paloaltonetworks PAN-OS 7.1.1 Paloaltonetworks PAN-OS 7.1 Paloaltonetworks PAN-OS 6.1.18 Paloaltonetworks PAN-OS 6.1.16 Paloaltonetworks PAN-OS 6.1.15 Paloaltonetworks PAN-OS 6.1.14 Paloaltonetworks PAN-OS 6.1.12 Paloaltonetworks PAN-OS 6.1.11 Paloaltonetworks PAN-OS 6.1.10 Paloaltonetworks PAN-OS 6.1.9 Paloaltonetworks PAN-OS 6.1.4 Paloaltonetworks PAN-OS 6.1.3 Paloaltonetworks PAN-OS 8.0.7 Paloaltonetworks PAN-OS 8.0.6 Paloaltonetworks PAN-OS 8.0.5 Paloaltonetworks PAN-OS 8.0.4 Paloaltonetworks PAN-OS 8.0.3 Paloaltonetworks PAN-OS 8.0.11 Paloaltonetworks PAN-OS 8.0.10 Paloaltonetworks PAN-OS 7.1.8 Paloaltonetworks PAN-OS 7.1.7 Paloaltonetworks PAN-OS 7.1.6 Paloaltonetworks PAN-OS 7.1.18 Paloaltonetworks PAN-OS 7.1.17 Paloaltonetworks PAN-OS 7.1.14 Paloaltonetworks PAN-OS 7.1.13 Paloaltonetworks PAN-OS 7.1.10 Paloaltonetworks PAN-OS 6.1.20 Paloaltonetworks PAN-OS 6.1.2 Paloaltonetworks PAN-OS 6.1.19 Paloaltonetworks PAN-OS 6.1.17 Paloaltonetworks PAN-OS 6.1.13 Oracle Linux 7 Oracle Linux 6.0 OpenSSL Project OpenSSL 1.1 OpenSSL Project OpenSSL 1.0.2 McAfee Data Exchange Layer 4.1.2 McAfee Data Exchange Layer 4.1 McAfee Data Exchange Layer 4.0 |
| Not Vulnerable: |
Tenable Nessus 8.0 Paloaltonetworks PAN-OS 8.1.4 Paloaltonetworks PAN-OS 8.0.14 Paloaltonetworks PAN-OS 7.1.21 OpenSSL Project OpenSSL 1.1.0i OpenSSL Project OpenSSL 1.0.2p McAfee Data Exchange Layer 4.1.2 Hotfix 1 |
Discussion
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
OpenSSL is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.
OpenSSL is prone to a local information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.
Exploit / POC
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
OpenSSL CVE-2018-0737 Side Channel Attack Information Disclosure Vulnerability
References:
References:
- Cache timing vulnerability in RSA Key Generation (CVE-2018-0737) (OpenSSL)
- OpenSSL Homepage (OpenSSL)
- Nessus 8.0.0 Fixes Multiple Third-party Vulnerabilities (Tenable)
- OpenSSL 1.0.2 Series Release Notes (OpenSSL)
- OpenSSL 1.1.0 Series Release Notes (OpenSSL)
- OpenSSL Vulnerabilities in PAN-OS (PAN-SA-2018-0015) (Palo Alto Networks)
- Oracle Linux Bulletin - October 2018 (Oracle)
- SB10266 Data Exchange Layer update fixes three vulnerabilities (McAfee)