#VU11854 Information disclosure in OpenSSL - CVE-2018-0737


Vulnerability identifier: #VU11854

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0737

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSSL
Server applications / Encryption software

Vendor: OpenSSL Software Foundation

Description
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists in the RSA key generation algorithm's BN_mod_inverse() and BN_mod_exp_mont() functions due to a cache timing side channel attack. A local attacker can recover the private key.

Mitigation
Update to versions 1.1.0i or 1.0.2p.

Vulnerable software versions

OpenSSL: 1.0.2o - 1.0.2, 1.1.0g - 1.1.0

External links
http://www.openssl.org/news/secadv/20180416.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Dynamic System Analysis (DSA) Preboot
Multiple vulnerabilities in IBM GCM16 & GCM32 KVM Switch Firmware
SolarWinds Platform update for third-party components
Multiple vulnerabilities in Dell Networker
Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance Family
Juniper Networks Steel-Belted Radius (SBR) Carrier update for OpenSSL
Red Hat JBoss Core Services update Apache HTTP Server 2.4.37 (RHEL 7)
Red Hat JBoss Core Services update for Apache HTTP Server 2.4.37 (RHEL 6)
Red Hat JBoss Core Services update for Apache HTTP Server 2.4.37
OpenSUSE Linux update for openssl-1