CVE-2018-16868
Published: 3 December 2018
A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.
Notes
| Author | Note |
|---|---|
| mdeslaur | Fixing this requires fixing CVE-2018-16869 in nettle first, but nettle changes are too intrusive to backport to stable releases. In addition, the upstream gnutls28 fix appears to break OpenPGP support when backported to the version in bionic. |
Priority
Status
| Package | Release | Status |
|---|---|---|
| gnutls26 | bionic | Does not exist |
| gnutls26 | cosmic | Does not exist |
| gnutls26 | disco | Does not exist |
| gnutls26 | eoan | Does not exist |
| gnutls26 | focal | Does not exist |
| gnutls26 | groovy | Does not exist |
| gnutls26 | hirsute | Does not exist |
| gnutls26 | impish | Does not exist |
| gnutls26 | jammy | Does not exist |
| gnutls26 | kinetic | Does not exist |
| gnutls26 | lunar | Does not exist |
| gnutls26 | trusty | Ignored (change too intrusive) |
| gnutls26 | upstream | Needs triage |
| gnutls26 | xenial | Does not exist |
| gnutls28 | bionic | Ignored (change too intrusive) |
| gnutls28 | cosmic | Ignored (end of life) |
| gnutls28 | disco | Released (3.6.5-2ubuntu1) |
| gnutls28 | eoan | Released (3.6.5-2ubuntu1) |
| gnutls28 | focal | Released (3.6.5-2ubuntu1) |
| gnutls28 | groovy | Released (3.6.5-2ubuntu1) |
| gnutls28 | hirsute | Released (3.6.5-2ubuntu1) |
| gnutls28 | impish | Released (3.6.5-2ubuntu1) |
| gnutls28 | jammy | Released (3.6.5-2ubuntu1) |
| gnutls28 | kinetic | Released (3.6.5-2ubuntu1) |
| gnutls28 | lunar | Released (3.6.5-2ubuntu1) |
| gnutls28 | trusty | Does not exist (trusty was needed) |
| gnutls28 | upstream | Released (3.6.5-2) |
| gnutls28 | xenial | Ignored (change too intrusive) |

Patches (gnutls28)
upstream: https://gitlab.com/gnutls/gnutls/commit/4804febddc2ed958e5ae774de2a8f85edeeff538
upstream: https://gitlab.com/gnutls/gnutls/commit/ed3bdddab73c792364deec423b2c2c498a939a64
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.6 |
| Attack vector | Physical |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |