SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VPN)  >   OpenSSL Vendors:   OpenSSL.org
(Ubuntu Issues Fix) OpenSSL RSA Key Generation BN_mod_inverse() and BN_mod_exp_mont() Cache Timing Attack Lets Local Users Recover the Private Key
SecurityTracker Alert ID:  1041190
SecurityTracker URL:  http://securitytracker.com/id/1041190
CVE Reference:   CVE-2018-0737   (Links to External Site)
Date:  Jun 27 2018
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in OpenSSL. A local user can recover the private key in certain cases.

A local user that can conduct a cache timing side channel attack against the RSA key generation algorithm's BN_mod_inverse() and BN_mod_exp_mont() functions may be able to recover the private key.

The vendor was notified on April 4, 2018.

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia, and Luis Manuel Alvarez Tapia reported this vulnerability.

Impact:   A local user that can conduct a cache timing attack on the target system may be able to recover the private key in certain cases.
Solution:   Ubuntu has issued a fix.

The Ubuntu advisory is available at:

https://usn.ubuntu.com/usn/usn-3692-1

Vendor URL:  usn.ubuntu.com/usn/usn-3692-2 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Ubuntu)
Underlying OS Comments:  12.04 ESM

Message History:   This archive entry is a follow-up to the message listed below.
Apr 16 2018 OpenSSL RSA Key Generation BN_mod_inverse() and BN_mod_exp_mont() Cache Timing Attack Lets Local Users Recover the Private Key



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC