PT-2018-2488 · Mozilla+5 · Network Security Services+5
Eyal Ronen · Published 2018-08-23 · Updated 2024-06-15
CVE-2018-12404
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Network Security Services (NSS) versions prior to 3.41
Description
A cache side-channel attack during handshakes that use RSA encryption could allow the decryption of encrypted content. This issue is related to errors in cryptographic transformations and can be exploited to gain unauthorized access to protected information. The attack is a variant of the Adaptive Chosen Ciphertext attack, also known as the Bleichenbacher attack. It may also involve downgrading the TLS protocol version in use, allowing an attacker to access protected information through a side channel.
Recommendations
For NSS versions prior to 3.41, update to version 3.41 or later to resolve the issue.
As a temporary workaround, consider restricting the use of RSA encryption for handshakes until a patch is available.
Restrict access to sensitive information to minimize the risk of exploitation.
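The following is an added example, not part of the original advisory or of NSS: a triage check that flags inventory entries running NSS older than 3.41 and lists which of their enabled cipher suites use RSA encryption for the key exchange, the handshake type the workaround above restricts. The inventory, host names and function names are assumptions made for illustration; the suite names are standard IANA TLS cipher suite names.

```python
import re

FIXED_NSS = (3, 41)  # first fixed release named in the advisory

# Constructed sample inventory (not from the advisory): host -> (NSS version,
# IANA names of the cipher suites enabled on its TLS endpoint).
SAMPLE_HOSTS = {
    "web-01": ("3.36.1", ["TLS_RSA_WITH_AES_128_GCM_SHA256",
                          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]),
    "web-02": ("3.41", ["TLS_AES_128_GCM_SHA256",
                        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"]),
    "ldap-01": ("3.40.1", ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]),
}


def is_affected(version):
    """True for NSS releases older than 3.41 (e.g. '3.36.1', '3.40.1')."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised NSS version: {version!r}")
    return tuple(int(p) for p in version.split(".")) < FIXED_NSS


def uses_rsa_key_transport(suite):
    """True when the client RSA-encrypts the premaster secret to the server.

    The key exchange is the part of the IANA name before _WITH_. In
    TLS_ECDHE_RSA_* and TLS_DHE_RSA_* suites RSA only signs the handshake.
    """
    return suite.split("_WITH_")[0] in ("TLS_RSA", "TLS_RSA_PSK", "TLS_RSA_EXPORT")


def triage(hosts):
    """Return findings for hosts still on an affected NSS release."""
    findings = {}
    for host, (version, suites) in sorted(hosts.items()):
        if is_affected(version):
            exposed = [s for s in suites if uses_rsa_key_transport(s)]
            findings[host] = {"nss": version, "rsa_kx_suites": exposed,
                              "workaround_in_place": not exposed}
    return findings


if __name__ == "__main__":
    for host, finding in triage(SAMPLE_HOSTS).items():
        print(host, finding)
```

A host reported with `workaround_in_place` set to true still runs an affected release and still needs the update to 3.41 or later.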
Fix
Information Disclosure
Related identifiers
Affected products
Alt Linux
Centos
Network Security Services
Red Hat
Suse
Ubuntu