ID CVE-2016-6489
Summary The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
References
Vulnerable Configurations
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.10
    cpe:2.3:o:canonical:ubuntu_linux:16.10
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • cpe:2.3:a:nettle_project:nettle
CVSS
Base: 5.0 (as of 25-04-2017 - 12:11)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0119.NASL
    description An update of 'nettle' packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111925
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111925
    title Photon OS 1.0: Nettle PHSA-2018-1.0-0119 (deprecated)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-762CB57C92.NASL
    description Nettle 3.3: https://lists.gnu.org/archive/html/info-gnu/2016-10/msg00003.html GnuTLS 3.5.5: https://lists.gnupg.org/pipermail/gnutls-devel/2016-October/008194.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 95005
    published 2016-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95005
    title Fedora 25 : mingw-gnutls / mingw-nettle (2016-762cb57c92)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3193-1.NASL
    description It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 97050
    published 2017-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97050
    title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nettle vulnerability (USN-3193-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-593.NASL
    description The cryptographic library nettle had a potential information leak problem reported. CVE-2016-6489 RSA code is vulnerable to cache sharing related attacks. For Debian 7 'Wheezy', this problem has been fixed in version 2.4-3+deb7u1. We recommend that you upgrade your nettle packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 92874
    published 2016-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92874
    title Debian DLA-593-1 : nettle security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201706-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-201706-21 (nettle: Information disclosure) It was found that nettle’s RSA and DSA decryption code was vulnerable to cache-related side channel attacks. See the referenced technical paper “Cache Attacks Enable Bulk Key Recovery on the Cloud” below for details. Impact : An attacker could recover the private key from a co-located virtual-machine instance. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 101016
    published 2017-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101016
    title GLSA-201706-21 : nettle: Information disclosure
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0119_NETTLE.NASL
    description An update of the nettle package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121816
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121816
    title Photon OS 1.0: Nettle PHSA-2018-1.0-0119
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2582.NASL
    description From Red Hat Security Advisory 2016:2582 : An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94704
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94704
    title Oracle Linux 7 : nettle (ELSA-2016-2582)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1061.NASL
    description According to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. - Secure Fix(es): - The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.(CVE-2015-8803) - x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.(CVE-2015-8804) - The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.(CVE-2015-8805) - It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.(CVE-2016-6489) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99823
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99823
    title EulerOS 2.0 SP1 : nettle (EulerOS-SA-2016-1061)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2582.NASL
    description An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94545
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94545
    title RHEL 7 : nettle (RHSA-2016:2582)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-675.NASL
    description This update for libnettle fixes the following issues : - CVE-2016-6489 : - Reject invalid RSA keys with even modulo. - Check for invalid keys, with even p, in dsa_sign(). - Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-01-26
    plugin id 100753
    published 2017-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100753
    title openSUSE Security Update : libnettle (openSUSE-2017-675)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1481-1.NASL
    description This update for libnettle fixes the following issues : - CVE-2016-6489 : - Reject invalid RSA keys with even modulo. - Check for invalid keys, with even p, in dsa_sign(). - Use function mpz_powm_sec() instead of mpz_powm() (bsc#991464). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100614
    published 2017-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100614
    title SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2017:1481-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2582.NASL
    description An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95329
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95329
    title CentOS 7 : nettle (CESA-2016:2582)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_NETTLE_ON_SL7_X.NASL
    description Security Fix(es) : - Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) - It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95849
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95849
    title Scientific Linux Security Update : nettle on SL7.x x86_64
redhat via4
advisories
bugzilla
id 1362016
title CVE-2016-6489 nettle: RSA/DSA code is vulnerable to cache-timing related attacks
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment nettle is earlier than 0:2.7.1-8.el7
        oval oval:com.redhat.rhsa:tst:20162582005
      • comment nettle is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162582006
    • AND
      • comment nettle-devel is earlier than 0:2.7.1-8.el7
        oval oval:com.redhat.rhsa:tst:20162582007
      • comment nettle-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162582008
rhsa
id RHSA-2016:2582
released 2016-11-03
severity Moderate
title RHSA-2016:2582: nettle security and bug fix update (Moderate)
rpms
  • nettle-0:2.7.1-8.el7
  • nettle-devel-0:2.7.1-8.el7
refmap via4
confirm
gentoo GLSA-201706-21
misc https://eprint.iacr.org/2016/596.pdf
mlist [oss-security] 20160729 Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks
ubuntu USN-3193-1
Last major update 25-04-2017 - 13:38
Published 14-04-2017 - 14:59
Last modified 30-06-2017 - 21:30