ID CVE-2018-10846
Summary A cache-based side channel was found in the GnuTLS implementation that leads to plain text recovery in a cross-VM attack setting. An attacker could combine a "Just in Time" Prime+probe attack with a Lucky-13 attack to recover plain text using crafted packets.
References
Vulnerable Configurations
  • GNU GnuTLS
    cpe:2.3:a:gnu:gnutls
  • Red Hat Ansible Tower 3.3
    cpe:2.3:a:redhat:ansible_tower:3.3
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 1.9
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-3050.NASL
    description From Red Hat Security Advisory 2018:3050 : An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-07
    plugin id 118764
    published 2018-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118764
    title Oracle Linux 7 : gnutls (ELSA-2018-3050)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1092.NASL
    description This update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 117897
    published 2018-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117897
    title openSUSE Security Update : gnutls (openSUSE-2018-1092)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1049.NASL
    description This update for gnutls fixes the following issues : Security issues fixed : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen 2019-02-21
    modified 2018-09-27
    plugin id 117792
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117792
    title openSUSE Security Update : gnutls (openSUSE-2018-1049)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3050.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118516
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118516
    title RHEL 7 : gnutls (RHSA-2018:3050)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1560.NASL
    description A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVE-2018-10845 It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVE-2018-10846 A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of 'Just in Time' Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. For Debian 8 'Jessie', these problems have been fixed in version 3.3.30-0+deb8u1. It was found to be more practical to update to the latest upstream version of the 3.3.x branch since upstream's fixes were rather invasive and required cipher list changes anyways. This will facilitate future LTS updates as well. This change therefore also includes the following major policy changes, as documented in the NEWS file : - ARCFOUR (RC4) and SSL 3.0 are no longer included in the default priorities list. Those have to be explicitly enabled, e.g., with a string like 'NORMAL:+ARCFOUR-128' or 'NORMAL:+VERS-SSL3.0', respectively. - The ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default priority strings. They are not necessary for compatibility or other purpose and provide no advantage over their SHA1 counter-parts, as they all depend on the legacy TLS CBC block mode. 
- Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. - Require strict DER encoding for certificates, OCSP requests, private keys, CRLs and certificate requests, in order to reduce issues due to the complexity of BER rules. - Refuse to import v1 or v2 certificates that contain extensions. API and ABI compatibility is retained, however, although new symbols have been added. Many bugfixes are also included in the upload. See the provided upstream changelog for more details. We recommend that you upgrade your gnutls28 packages and do not expect significant breakage. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-01
    plugin id 118504
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118504
    title Debian DLA-1560-1 : gnutls28 security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_GNUTLS_ON_SL7_X.NASL
    description Security Fix(es) : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) - gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) - gnutls: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119184
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119184
    title Scientific Linux Security Update : gnutls on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2825-1.NASL
    description This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117696
    published 2018-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117696
    title SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1120.NASL
    description It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.(CVE-2018-10844) It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.(CVE-2018-10845) A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in Time' Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario.(CVE-2018-10846)
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119503
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119503
    title Amazon Linux 2 : gnutls (ALAS-2018-1120)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3050.NASL
    description An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481) Security Fix(es) : * gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844) * gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845) * gnutls: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-12-17
    plugin id 119690
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119690
    title CentOS 7 : gnutls (CESA-2018:3050)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2825-2.NASL
    description This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118292
    published 2018-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118292
    title SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2930-1.NASL
    description This update for gnutls fixes the following security issues : Improved mitigations against Lucky 13 class of attacks CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120112
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120112
    title SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2842-1.NASL
    description This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845, bsc#1105459) - HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844, bsc#1105437) The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (CVE-2017-10790, bsc#1047002) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 117702
    published 2018-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117702
    title SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2018:2842-1)
redhat via4
advisories
  • bugzilla
    id 1582574
    title PRIME + PROBE cache-based side channel attack can lead to plaintext recovery
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment gnutls is earlier than 0:3.3.29-8.el7
          oval oval:com.redhat.rhsa:tst:20183050011
        • comment gnutls is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429006
      • AND
        • comment gnutls-c++ is earlier than 0:3.3.29-8.el7
          oval oval:com.redhat.rhsa:tst:20183050007
        • comment gnutls-c++ is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140684010
      • AND
        • comment gnutls-dane is earlier than 0:3.3.29-8.el7
          oval oval:com.redhat.rhsa:tst:20183050013
        • comment gnutls-dane is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140684008
      • AND
        • comment gnutls-devel is earlier than 0:3.3.29-8.el7
          oval oval:com.redhat.rhsa:tst:20183050009
        • comment gnutls-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429010
      • AND
        • comment gnutls-utils is earlier than 0:3.3.29-8.el7
          oval oval:com.redhat.rhsa:tst:20183050005
        • comment gnutls-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120429008
    rhsa
    id RHSA-2018:3050
    released 2018-10-30
    severity Moderate
    title RHSA-2018:3050: gnutls security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2018:3505
rpms
  • gnutls-0:3.3.29-8.el7
  • gnutls-c++-0:3.3.29-8.el7
  • gnutls-dane-0:3.3.29-8.el7
  • gnutls-devel-0:3.3.29-8.el7
  • gnutls-utils-0:3.3.29-8.el7
refmap via4
bid 105138
confirm
misc https://eprint.iacr.org/2018/747
mlist [debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update
Last major update 22-08-2018 - 09:29
Published 22-08-2018 - 09:29
Last modified 21-03-2019 - 12:59