SB2020031903 - Amazon Linux AMI update for nss, nss-softokn, nss-util, nspr 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020031903

SB2020031903 - Amazon Linux AMI update for nss, nss-softokn, nss-util, nspr

Published: March 19, 2020

Security Bulletin ID SB2020031903
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Medium 50% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Memory-cache side-channel attack (CVE-ID: CVE-2018-0495)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.  A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks. 

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.


2) Cache Attacks (CVE-ID: CVE-2018-12404)

The vulnerability allows a remote attacker to perform a downgrade attack on the server and decrypt private keys on the target system.

The vulnerability exists due to a core weakness in TLS that relates to the handshaking of the session key which is used within the tunnel during parallelisation of thousands of oracle queries that occurs using a cluster of TLS servers which share the same public key certificate. A remote attacker can mount a microarchitectural side channel attack against a vulnerable implementation, obtain a network man-in-the-middle position, obtain the relevant data to sign and trigger the victim server to decrypt ciphertexts chosen by the adversary to perform a downgrade attack.







3) Input validation error (CVE-ID: CVE-2019-11729)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing an empty or malformed p256-ECDH public keys. A remote attacker can trigger a segmentation fault and cause a denial of service condition on the target system.


4) Out-of-bounds write (CVE-ID: CVE-2019-11745)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the NSC_EncryptUpdate() function in /lib/softoken/pkcs11c.c, when performing padding operations in Mozilla NSS. A remote attacker can pass specially crafted data to the affected application, trigger out-of-bounds write and execute arbitrary code on the target system.


Remediation

Install update from vendor's website.

References