Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2019-1188

Related Vulnerabilities: CVE-2018-5407   CVE-2019-1559  

A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407) If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway).(CVE-2019-1559)

Source

ALAS2-2019-1188

Amazon Linux 2 Security Advisory: ALAS-2019-1188
Advisory Release Date: 2019-04-04 21:45 Pacific
Advisory Updated Date: 2019-04-17 16:59 Pacific
Severity: Medium
Issue Overview:

A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information.(CVE-2018-5407)

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway).(CVE-2019-1559)


Affected Packages:

openssl


Issue Correction:
Run yum update openssl to update your system.

New Packages:
aarch64:
    openssl-1.0.2k-16.amzn2.1.1.aarch64
    openssl-libs-1.0.2k-16.amzn2.1.1.aarch64
    openssl-devel-1.0.2k-16.amzn2.1.1.aarch64
    openssl-static-1.0.2k-16.amzn2.1.1.aarch64
    openssl-perl-1.0.2k-16.amzn2.1.1.aarch64
    openssl-debuginfo-1.0.2k-16.amzn2.1.1.aarch64

i686:
    openssl-1.0.2k-16.amzn2.1.1.i686
    openssl-libs-1.0.2k-16.amzn2.1.1.i686
    openssl-devel-1.0.2k-16.amzn2.1.1.i686
    openssl-static-1.0.2k-16.amzn2.1.1.i686
    openssl-perl-1.0.2k-16.amzn2.1.1.i686
    openssl-debuginfo-1.0.2k-16.amzn2.1.1.i686

src:
    openssl-1.0.2k-16.amzn2.1.1.src

x86_64:
    openssl-1.0.2k-16.amzn2.1.1.x86_64
    openssl-libs-1.0.2k-16.amzn2.1.1.x86_64
    openssl-devel-1.0.2k-16.amzn2.1.1.x86_64
    openssl-static-1.0.2k-16.amzn2.1.1.x86_64
    openssl-perl-1.0.2k-16.amzn2.1.1.x86_64
    openssl-debuginfo-1.0.2k-16.amzn2.1.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started