Ubuntu update for NSS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-0495 CVE-2018-12384 CVE-2018-12404 |
| CWE-ID | CWE-200 CWE-300 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
nss (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Memory-cache side-channel attack
EUVDB-ID: #VU13370
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-0495
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks.
Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.
MitigationUpdate the affected packages.
- Ubuntu 18.10
- libnss3 - 2:3.36.1-1ubuntu1.1
- Ubuntu 18.04 LTS
- libnss3 - 2:3.35-2ubuntu2.1
- Ubuntu 16.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.16.04.4
- Ubuntu 14.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.14.04.4
nss (Ubuntu package): 2:3.28.4-0ubuntu0.14.04.1 - 2:3.28.4-0ubuntu0.16.04.2
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Man-in-the-middle attack
EUVDB-ID: #VU15735
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-12384
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
Description
The vulnerability allows a remote attacker to conduct man-in-the-middle attack on the target system.
The weakness exists due to ServerHello.random is all zero when handling a v2-compatible ClientHello. A remote attacker can use man-in-the-middle techniques to conduct passive replay attack and obtain potentially sensitive information.
MitigationUpdate the affected packages.
- Ubuntu 18.10
- libnss3 - 2:3.36.1-1ubuntu1.1
- Ubuntu 18.04 LTS
- libnss3 - 2:3.35-2ubuntu2.1
- Ubuntu 16.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.16.04.4
- Ubuntu 14.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.14.04.4
nss (Ubuntu package): 2:3.28.4-0ubuntu0.14.04.1 - 2:3.28.4-0ubuntu0.16.04.2
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cache Attacks
EUVDB-ID: #VU16219
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-12404
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a downgrade attack on the server and decrypt private keys on the target system.
The vulnerability exists due to a core weakness in TLS that relates to the handshaking of the session key which is used within the tunnel during parallelisation of thousands of oracle queries that occurs using a cluster of TLS servers which share the same public key certificate. A remote attacker can mount a microarchitectural side channel attack against a vulnerable implementation, obtain a network man-in-the-middle position, obtain the relevant data to sign and trigger the victim server to decrypt ciphertexts chosen by the adversary to perform a downgrade attack.
Update the affected packages.
- Ubuntu 18.10
- libnss3 - 2:3.36.1-1ubuntu1.1
- Ubuntu 18.04 LTS
- libnss3 - 2:3.35-2ubuntu2.1
- Ubuntu 16.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.16.04.4
- Ubuntu 14.04 LTS
- libnss3 - 2:3.28.4-0ubuntu0.14.04.4
nss (Ubuntu package): 2:3.28.4-0ubuntu0.14.04.1 - 2:3.28.4-0ubuntu0.16.04.2
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
