PT-2013-3282 · Oracle+5 · Oracle Vm Server+16

Kenny Paterson +1 · Published 2013-02-08 · Updated 2024-06-15 · CVE-2013-1620

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Network Security Services (NSS) (affected versions not specified)
Canonical Ubuntu Linux (affected versions not specified)
Oracle Enterprise Manager Ops Center (affected versions not specified)
Oracle GlassFish Communications Server (affected versions not specified)
Oracle GlassFish Server (affected versions not specified)
Oracle iPlanet Web Proxy Server (affected versions not specified)
Oracle iPlanet Web Server (affected versions not specified)
Oracle OpenSSO (affected versions not specified)
Oracle Traffic Director (affected versions not specified)
Oracle VM Server (affected versions not specified)
Red Hat Enterprise Linux Desktop (affected versions not specified)
Red Hat Enterprise Linux EUS (affected versions not specified)
Red Hat Enterprise Linux Server (affected versions not specified)
Red Hat Enterprise Linux Server AUS (affected versions not specified)
Red Hat Enterprise Linux Workstation (affected versions not specified)

Description

The TLS implementation in Mozilla Network Security Services (NSS) is susceptible to timing side-channel attacks due to improper handling of noncompliant MAC check operations during the processing of malformed CBC padding. This allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Side Channel Attack

Weakness Enumeration

Related Identifiers

CESA-2013_1144
CVE-2013-1620
OPENSUSE-SU-2013_0630-1
OPENSUSE-SU-2024:10451-1
RHSA-2013:1135
RHSA-2013:1144
RHSA-2013:1181
RHSA-2013_1135
RHSA-2013_1144

Affected Products

Centos
Network Security Services
Oracle Enterprise Manager Ops Center
Oracle Glassfish Communications Server
Oracle Glassfish Server
Oracle Opensso
Oracle Traffic Director
Oracle Vm Server
Oracle Iplanet Web Proxy Server
Oracle Iplanet Web Server
Red Hat
Red Hat Enterprise Linux Desktop
Red Hat Enterprise Linux
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Workstation
Suse
Ubuntu