Amazon Linux AMI update for openssl
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-0495 CVE-2017-3735 CVE-2018-0739 |
| CWE-ID | CWE-200 CWE-125 CWE-400 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Amazon Linux AMI Operating systems & Components / Operating system |
| Vendor | Amazon Web Services |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Memory-cache side-channel attack
EUVDB-ID: #VU13370
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-0495
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks.
Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
openssl-static-1.0.2k-16.146.amzn1.i686
openssl-1.0.2k-16.146.amzn1.i686
openssl-devel-1.0.2k-16.146.amzn1.i686
openssl-perl-1.0.2k-16.146.amzn1.i686
openssl-debuginfo-1.0.2k-16.146.amzn1.i686
src:
openssl-1.0.2k-16.146.amzn1.src
x86_64:
openssl-perl-1.0.2k-16.146.amzn1.x86_64
openssl-devel-1.0.2k-16.146.amzn1.x86_64
openssl-1.0.2k-16.146.amzn1.x86_64
openssl-static-1.0.2k-16.146.amzn1.x86_64
openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2018-1102.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Out-of-bounds read
EUVDB-ID: #VU8487
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]
CVE-ID: CVE-2017-3735
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise text display of the certificate.
MitigationUpdate the affected packages.
i686:Vulnerable software versions
openssl-static-1.0.2k-16.146.amzn1.i686
openssl-1.0.2k-16.146.amzn1.i686
openssl-devel-1.0.2k-16.146.amzn1.i686
openssl-perl-1.0.2k-16.146.amzn1.i686
openssl-debuginfo-1.0.2k-16.146.amzn1.i686
src:
openssl-1.0.2k-16.146.amzn1.src
x86_64:
openssl-perl-1.0.2k-16.146.amzn1.x86_64
openssl-devel-1.0.2k-16.146.amzn1.x86_64
openssl-1.0.2k-16.146.amzn1.x86_64
openssl-static-1.0.2k-16.146.amzn1.x86_64
openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2018-1102.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU11294
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0739
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to excessive stack memory consumption. A remote attacker can cause the service to crash.
Update the affected packages.
i686:Vulnerable software versions
openssl-static-1.0.2k-16.146.amzn1.i686
openssl-1.0.2k-16.146.amzn1.i686
openssl-devel-1.0.2k-16.146.amzn1.i686
openssl-perl-1.0.2k-16.146.amzn1.i686
openssl-debuginfo-1.0.2k-16.146.amzn1.i686
src:
openssl-1.0.2k-16.146.amzn1.src
x86_64:
openssl-perl-1.0.2k-16.146.amzn1.x86_64
openssl-devel-1.0.2k-16.146.amzn1.x86_64
openssl-1.0.2k-16.146.amzn1.x86_64
openssl-static-1.0.2k-16.146.amzn1.x86_64
openssl-debuginfo-1.0.2k-16.146.amzn1.x86_64
Amazon Linux AMI: All versions
External linkshttp://alas.aws.amazon.com/ALAS-2018-1102.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
