CVE-2018-16868
Published: 3 December 2018
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Notes
Author | Note |
---|---|
mdeslaur | Fixing this requires fixing CVE-2018-16869 in nettle first, but nettle changes are too intrusive to backport to stable releases. In addition, the upstream gnutls28 fix appears to break OpenPGP support when backported to the version in bionic. |
Priority
Status
Package | Release | Status |
---|---|---|
gnutls26 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Ignored
(change too intrusive)
|
|
upstream |
Needs triage
|
|
xenial |
Does not exist
|
|
gnutls28 Launchpad, Ubuntu, Debian |
bionic |
Ignored
(change too intrusive)
|
cosmic |
Ignored
(reached end-of-life)
|
|
disco |
Released
(3.6.5-2ubuntu1)
|
|
eoan |
Released
(3.6.5-2ubuntu1)
|
|
focal |
Released
(3.6.5-2ubuntu1)
|
|
groovy |
Released
(3.6.5-2ubuntu1)
|
|
hirsute |
Released
(3.6.5-2ubuntu1)
|
|
impish |
Released
(3.6.5-2ubuntu1)
|
|
jammy |
Released
(3.6.5-2ubuntu1)
|
|
kinetic |
Released
(3.6.5-2ubuntu1)
|
|
lunar |
Released
(3.6.5-2ubuntu1)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Released
(3.6.5-2)
|
|
xenial |
Ignored
(change too intrusive)
|
|
Patches: upstream: https://gitlab.com/gnutls/gnutls/commit/4804febddc2ed958e5ae774de2a8f85edeeff538 (3.6) upstream: https://gitlab.com/gnutls/gnutls/commit/ed3bdddab73c792364deec423b2c2c498a939a64 (3.6) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.6 |
Attack vector | Physical |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |