4

CVE-2013-1619

Exploit
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version2.0.0
GnuGnutls Version2.0.1
GnuGnutls Version2.0.2
GnuGnutls Version2.0.3
GnuGnutls Version2.0.4
GnuGnutls Version2.1.0
GnuGnutls Version2.1.1
GnuGnutls Version2.1.2
GnuGnutls Version2.1.3
GnuGnutls Version2.1.4
GnuGnutls Version2.1.5
GnuGnutls Version2.1.6
GnuGnutls Version2.1.7
GnuGnutls Version2.1.8
GnuGnutls Version2.2.0
GnuGnutls Version2.2.1
GnuGnutls Version2.2.2
GnuGnutls Version2.2.3
GnuGnutls Version2.2.4
GnuGnutls Version2.2.5
GnuGnutls Version2.3.0
GnuGnutls Version2.3.1
GnuGnutls Version2.3.2
GnuGnutls Version2.3.3
GnuGnutls Version2.3.4
GnuGnutls Version2.3.5
GnuGnutls Version2.3.6
GnuGnutls Version2.3.7
GnuGnutls Version2.3.8
GnuGnutls Version2.3.9
GnuGnutls Version2.3.10
GnuGnutls Version2.3.11
GnuGnutls Version2.4.0
GnuGnutls Version2.4.1
GnuGnutls Version2.4.2
GnuGnutls Version2.4.3
GnuGnutls Version2.5.0
GnuGnutls Version2.6.0
GnuGnutls Version2.6.1
GnuGnutls Version2.6.2
GnuGnutls Version2.6.3
GnuGnutls Version2.6.4
GnuGnutls Version2.6.5
GnuGnutls Version2.6.6
GnuGnutls Version2.7.4
GnuGnutls Version2.8.0
GnuGnutls Version2.8.1
GnuGnutls Version2.8.2
GnuGnutls Version2.8.3
GnuGnutls Version2.8.4
GnuGnutls Version2.8.5
GnuGnutls Version2.8.6
GnuGnutls Version2.10.0
GnuGnutls Version2.10.1
GnuGnutls Version2.10.2
GnuGnutls Version2.10.3
GnuGnutls Version2.10.4
GnuGnutls Version2.10.5
GnuGnutls Version2.12.0
GnuGnutls Version2.12.1
GnuGnutls Version2.12.2
GnuGnutls Version2.12.3
GnuGnutls Version2.12.4
GnuGnutls Version2.12.5
GnuGnutls Version2.12.6
GnuGnutls Version2.12.6.1
GnuGnutls Version2.12.7
GnuGnutls Version2.12.8
GnuGnutls Version2.12.9
GnuGnutls Version2.12.10
GnuGnutls Version2.12.11
GnuGnutls Version2.12.12
GnuGnutls Version2.12.13
GnuGnutls Version2.12.14
GnuGnutls Version2.12.15
GnuGnutls Version2.12.16
GnuGnutls Version2.12.17
GnuGnutls Version2.12.18
GnuGnutls Version2.12.19
GnuGnutls Version2.12.20
GnuGnutls Version2.12.21
GnuGnutls Version2.12.22
GnuGnutls Version3.0
GnuGnutls Version3.0.0
GnuGnutls Version3.0.1
GnuGnutls Version3.0.2
GnuGnutls Version3.0.3
GnuGnutls Version3.0.4
GnuGnutls Version3.0.5
GnuGnutls Version3.0.6
GnuGnutls Version3.0.7
GnuGnutls Version3.0.8
GnuGnutls Version3.0.9
GnuGnutls Version3.0.10
GnuGnutls Version3.0.11
GnuGnutls Version3.0.12
GnuGnutls Version3.0.13
GnuGnutls Version3.0.14
GnuGnutls Version3.0.15
GnuGnutls Version3.0.16
GnuGnutls Version3.0.17
GnuGnutls Version3.0.18
GnuGnutls Version3.0.19
GnuGnutls Version3.0.20
GnuGnutls Version3.0.21
GnuGnutls Version3.0.22
GnuGnutls Version3.0.23
GnuGnutls Version3.0.24
GnuGnutls Version3.0.25
GnuGnutls Version3.0.26
GnuGnutls Version3.0.27
GnuGnutls Version3.1.0
GnuGnutls Version3.1.1
GnuGnutls Version3.1.2
GnuGnutls Version3.1.3
GnuGnutls Version3.1.4
GnuGnutls Version3.1.5
GnuGnutls Version3.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.44% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 4.9 4.9
AV:N/AC:H/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://secunia.com/advisories/57260
http://openwall.com/lists/oss-security/2013/02/05/24
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html
http://rhn.redhat.com/errata/RHSA-2013-0588.html
http://secunia.com/advisories/57274
http://www.gnutls.org/security.html#GNUTLS-SA-2013-1
http://www.ubuntu.com/usn/USN-1752-1
https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0
Patch
Exploit
https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198
Patch
Exploit