Test ID:	1.3.6.1.4.1.25623.1.0.108483
Category:	General
Title:	OpenSSL: Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407) (Linux)
Summary:	This host is running OpenSSL and is prone; to an information disclosure vulnerability.
Description:	Summary: This host is running OpenSSL and is prone to an information disclosure vulnerability. Vulnerability Insight: OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. Vulnerability Impact: An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key. Affected Software/OS: OpenSSL versions 1.1.0-1.1.0h and 1.0.2-1.0.2p. Solution: Upgrade OpenSSL to version 1.0.2q, 1.1.0i or later. See the references for more details. CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	BugTraq ID: 105897 Common Vulnerability Exposure (CVE) ID: CVE-2018-5407 https://www.exploit-db.com/exploits/45785/ https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html https://eprint.iacr.org/2018/1060.pdf https://github.com/bbbrumley/portsmash Debian Security Information: DSA-4348 (Google Search) https://www.debian.org/security/2018/dsa-4348 Debian Security Information: DSA-4355 (Google Search) https://www.debian.org/security/2018/dsa-4355 https://usn.ubuntu.com/3840-1/ http://www.securityfocus.com/bid/105897
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: