SB2020020801 - Ubuntu update for ARM mbed TLS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020020801

SB2020020801 - Ubuntu update for ARM mbed TLS

Published: February 8, 2020

Security Bulletin ID SB2020020801
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2018-0498)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in ARM mbed TLS  due to insufficient security restrictions imposed by the affected software when a cipher suite based on cipher block chaining (CBC) is used. A remote attacker who is able to observe and manipulate network packets can conduct a timing-based side-channel attack and partially recover the plaintext content.


2) Information disclosure (CVE-ID: CVE-2018-0497)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in ARM mbed TLS  due to incomplete fix for CVE-2013-0169 and improper calculation of the secure hash algorithm-384 (SHA-384) when using a cipher suite based on cipher block chaining (CBC). A remote attacker who is able to observe and manipulate network packets can conduct a timing-based side-channel attack and partially recover the plaintext content.


3) Remote code execution (CVE-ID: CVE-2018-0488)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper processing of crafted packets when using the truncated HMAC extension and CBC. A remote attacker can send a specially crafted input and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

4) Buffer overflow (CVE-ID: CVE-2018-0487)

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of Rivest-Shamir-Adleman Probabilistic Signature Scheme (RSASSA-PSS) signatures. A remote attacker can send a specially crafted certificate chain, which the affected software can mishandle during RSASSA-PSS signature verification, trigger buffer overflow and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

5) Security restrictions bypass (CVE-ID: CVE-2017-18187)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. A remote attacker can trigger memory corruption and bypass bounds-check.

Remediation

Install update from vendor's website.

References