Multiple vulnerabilities in OpenBSD

Published: 2018-07-04

Risk	Low
Patch available	YES
Number of vulnerabilities	3
CVE-ID	N/A
CWE-ID	CWE-200 CWE-264
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	OpenBSD Operating systems & Components / Operating system
Vendor	OpenBSD

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Timing attack

EUVDB-ID: #VU13551

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct timing attack on the target system.

The weakness exists due to DSA and ECDSA signature generation can potentially leak secret information. A remote attacker can conduct a timing side-channel attack and gain access to potentially sensitive information.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

CPE2.3

External links

https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/009_libcrypto.patch.sig

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU13552

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to Intel CPUs speculatively access FPU registers even when the FPU is disabled. A remote attacker can use the lazy-save approach and discover data (including AES keys) from previous contexts.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

CPE2.3

External links

https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/010_intelfpu.patch.sig

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU13553

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unspecified flaw. A remote attacker can bypass security restrictions and cause Perl's Archive::Tar module to write files outside of its working directory.

Mitigation

Update to version 6.3.

Vulnerable software versions

OpenBSD: 5.7 - 6.2

CPE2.3

External links

https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/011_perl.patch.sig

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.