CVE-2013-1620 - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing

CVE-2013-1620

Summary

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

References

Vulnerable Configurations

cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 09-10-2018 - 19:33)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	986969
title	nssutil_ReadSecmodDB() leaks memory

oval

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331001

AND
comment nspr is earlier than 0:4.9.5-1.el5_9
oval oval:com.redhat.rhsa:tst:20131135002
comment nspr is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925003
AND
comment nspr-devel is earlier than 0:4.9.5-1.el5_9
oval oval:com.redhat.rhsa:tst:20131135004
comment nspr-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925005
AND
comment nss is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135006
comment nss is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925013
AND
comment nss-devel is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135010
comment nss-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925009

AND

comment nss-pkcs11-devel is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135012
comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925007

AND
comment nss-tools is earlier than 0:3.14.3-6.el5_9
oval oval:com.redhat.rhsa:tst:20131135008
comment nss-tools is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20150925011

rhsa

id	RHSA-2013:1135
released	2013-08-05
severity	Moderate
title	RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)

bugzilla

id	985955
title	nss-softokn: missing partial RELRO [6.4.z]

oval

AND

comment Red Hat Enterprise Linux 6 Client is installed
oval oval:com.redhat.rhba:tst:20111656001
comment Red Hat Enterprise Linux 6 Server is installed
oval oval:com.redhat.rhba:tst:20111656002
comment Red Hat Enterprise Linux 6 Workstation is installed
oval oval:com.redhat.rhba:tst:20111656003
comment Red Hat Enterprise Linux 6 ComputeNode is installed
oval oval:com.redhat.rhba:tst:20111656004

AND
comment nspr is earlier than 0:4.9.5-2.el6_4
oval oval:com.redhat.rhsa:tst:20131144005
comment nspr is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006
AND
comment nspr-devel is earlier than 0:4.9.5-2.el6_4
oval oval:com.redhat.rhsa:tst:20131144007
comment nspr-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-softokn is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144009
comment nss-softokn is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364024

AND

comment nss-softokn-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144011
comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364026

AND

comment nss-softokn-freebl is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144015
comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364028

AND

comment nss-softokn-freebl-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144013
comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364030

AND
comment nss is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144017
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010
AND
comment nss-devel is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144021
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364016

AND

comment nss-pkcs11-devel is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144019
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364018

AND
comment nss-sysinit is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144023
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014
AND
comment nss-tools is earlier than 0:3.14.3-4.el6_4
oval oval:com.redhat.rhsa:tst:20131144025
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss-util is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144027
comment nss-util is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364020

AND

comment nss-util-devel is earlier than 0:3.14.3-3.el6_4
oval oval:com.redhat.rhsa:tst:20131144029
comment nss-util-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364022

rhsa

id	RHSA-2013:1144
released	2013-08-07
severity	Moderate
title	RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)

rpms

nspr-0:4.9.5-1.el5_9
nspr-devel-0:4.9.5-1.el5_9
nss-0:3.14.3-6.el5_9
nss-devel-0:3.14.3-6.el5_9
nss-pkcs11-devel-0:3.14.3-6.el5_9
nss-tools-0:3.14.3-6.el5_9
nspr-0:4.9.5-2.el6_4
nspr-devel-0:4.9.5-2.el6_4
nss-softokn-0:3.14.3-3.el6_4
nss-softokn-devel-0:3.14.3-3.el6_4
nss-softokn-freebl-0:3.14.3-3.el6_4
nss-softokn-freebl-devel-0:3.14.3-3.el6_4
nss-0:3.14.3-4.el6_4
nss-devel-0:3.14.3-4.el6_4
nss-pkcs11-devel-0:3.14.3-4.el6_4
nss-sysinit-0:3.14.3-4.el6_4
nss-tools-0:3.14.3-4.el6_4
nss-util-0:3.14.3-3.el6_4
nss-util-devel-0:3.14.3-3.el6_4

refmap via4

bid	57777 64758
bugtraq	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.vmware.com/security/advisories/VMSA-2014-0012.html
fulldisc	20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo	GLSA-201406-19
misc	http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
mlist	[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
suse	openSUSE-SU-2013:0630 openSUSE-SU-2013:0631
ubuntu	USN-1763-1

Last major update

09-10-2018 - 19:33

Published

08-02-2013 - 19:55