Multiple vulnerabilities in OpenBSD



Published: 2018-07-04
Risk Low
Patch available YES
Number of vulnerabilities 3
CVE-ID N/A
CWE-ID CWE-200
CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		OpenBSD
Operating systems & Components / Operating system

Vendor OpenBSD

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Timing attack

EUVDB-ID: #VU13551

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct timing attack on the target system.

The weakness exists due to DSA and ECDSA signature generation can potentially leak secret information. A remote attacker can conduct a timing side-channel attack and gain access to potentially sensitive information.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

External links

http://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/009_libcrypto.patch.sig


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU13552

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to Intel CPUs speculatively access FPU registers even when the FPU is disabled. A remote attacker can use the lazy-save approach and discover data (including AES keys) from previous contexts.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

External links

http://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/010_intelfpu.patch.sig


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU13553

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to unspecified flaw. A remote attacker can bypass security restrictions and cause Perl's Archive::Tar module to write files outside of its working directory.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

External links

http://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/011_perl.patch.sig


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###