SB2018090803 - Information disclosure vulnerabilities in RSA BSAFE SSL-J
Published: September 8, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-11068)
CWE-ID: CWE-244 - Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a physically local high-privileged attacker to obtain potentially sensitive information.
The vulnerability exists due to improper clearing of heap memory before releasing the memory. A remote attacker can recover keys.
2) Covert timing attack (CVE-ID: CVE-2018-11069)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a network attacker to obtain potentially sensitive information.
The vulnerability exists due to covert time attack. A remote attacker can conduct a Bleichenbacher covert timing attack on the RSA decryption process and obtain the RSA private key.
3) Covert timing attack (CVE-ID: CVE-2018-11070)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a network attacker to obtain potentially sensitive information.
The vulnerability exists due to covert time attack. A remote attacker can conduct a Bleichenbacher covert timing attack on PKCS #1 unpadding operations and obtain the RSA private key.
Remediation
Install update from vendor's website.