what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2018-5407

Status Candidate

Overview

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Related Files

Red Hat Security Advisory 2019-3935-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3935-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | 38d04c60a0844680fb8dbf1f69783df06839251f87cb4f8f1f68b024aae0c58d
Red Hat Security Advisory 2019-3932-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3932-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | f949d1cc276a7bf012b0e797c6862801bf97e2c5aaac95a796e59d77b371fb59
Red Hat Security Advisory 2019-3933-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3933-01 - This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0734, CVE-2018-0737, CVE-2018-17189, CVE-2018-17199, CVE-2018-5407, CVE-2019-0196, CVE-2019-0197, CVE-2019-0217, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2019-9517
SHA-256 | dac80e1c3458729338d3267cf431efdab4daa1ca2b791a55f1f323f8a84c4bb4
Red Hat Security Advisory 2019-3929-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3929-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.2 serves as a replacement for Red Hat JBoss Web Server 5.1, and includes bug fixes, enhancements, and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a cross site scripting vulnerability.

tags | advisory, java, web, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
SHA-256 | 80f28c1ed396da36a178c6f1d6c7eae27d31ab38180de9357eb6ac5e272131c5
Red Hat Security Advisory 2019-3931-01
Posted Nov 20, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3931-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Issues addressed include cross site scripting and denial of service vulnerabilities.

tags | advisory, java, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-0221, CVE-2019-10072, CVE-2019-1559
SHA-256 | c2a35f03e9c5eeee86dc6f02e3e82b10b06198741a15251e69754785d5ba9c63
Red Hat Security Advisory 2019-2125-01
Posted Aug 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2125-01 - OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-12181, CVE-2018-3613, CVE-2018-5407, CVE-2019-0160, CVE-2019-0161
SHA-256 | f1ce3bc23fa8f98e73cfdd22626f368309e65fc07adfe5505bc47b51a9c6d3df
Red Hat Security Advisory 2019-0651-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0651-01 - Ansible Tower version 3.4.3 has security updates that Red Hat did not feel like explaining in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5407
SHA-256 | f3a989fc6b07f1220ca069b313f166cd30aa34a90781112c73dfa0b9d5f7739d
Red Hat Security Advisory 2019-0652-01
Posted Mar 27, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0652-01 - Ansible Tower version 3.3.5 has security updates that Red Hat did not feel like explaining in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-5407, CVE-2019-3835, CVE-2019-3838
SHA-256 | 2638cb5d98f9dd47e1a7385986d6b92adb44d0f3f85b6e4bc38cb0d57d8dd34c
Gentoo Linux Security Advisory 201903-10
Posted Mar 14, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-10 - Multiple Information Disclosure vulnerabilities in OpenSSL allow attackers to obtain sensitive information. Versions less than 1.0.2r are affected.

tags | advisory, vulnerability, info disclosure
systems | linux, gentoo
advisories | CVE-2018-5407, CVE-2019-1559
SHA-256 | 77f749728ff0ba1057d2f4792d97c1278a4ef4a6d57fe67b15d03cfd253b0d2d
Red Hat Security Advisory 2019-0483-01
Posted Mar 13, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0483-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a side-channel attack vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2018-5407
SHA-256 | a618a5310c8760e101ca251a93cfd97e0b0488342317a121ef2aa9edf705ceec
Debian Security Advisory 4355-1
Posted Dec 20, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4355-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2018-0732, CVE-2018-0734, CVE-2018-0737, CVE-2018-5407
SHA-256 | b913df49694577978d9065ec818547f4d3d6619f2cbbc393194fc7e2ac40992a
Ubuntu Security Notice USN-3840-1
Posted Dec 7, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3840-1 - Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2018-0734, CVE-2018-0735, CVE-2018-5407
SHA-256 | aa103792855188068858eb462036ea647e15c0cef998d6eb2bb4336601fef0fb
Debian Security Advisory 4348-1
Posted Dec 3, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4348-1 - Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, denial of service, local
systems | linux, debian
advisories | CVE-2018-0732, CVE-2018-0734, CVE-2018-0735, CVE-2018-0737, CVE-2018-5407
SHA-256 | 984666d462c32381f4c81ceeb80d94d68254862db64e2525c9fc37e73b61fd81
Slackware Security Advisory - openssl Updates
Posted Nov 22, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-0734, CVE-2018-5407
SHA-256 | 81278317094fe94be6df033760ad0daf14350b896b60f71ff53ddee0a0ea982f
OpenSSL Security Advisory 20181112
Posted Nov 12, 2018
Site openssl.org

OpenSSL Security Advisory 20181112 - OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.

tags | advisory, local
advisories | CVE-2018-5407
SHA-256 | fcdef964e9fc6b0898239d73753f138103c16be565a54d5caebcaf7ed40d45a2
PortSmash CPU SMT Side-Channel Proof Of Concept
Posted Nov 2, 2018
Authored by Bill Brumley

This is a proof of concept exploit of the PortSmash micro-architecture vulnerability that makes use of an SMT side-channel attack.

tags | exploit, proof of concept
advisories | CVE-2018-5407
SHA-256 | 883afbc344f3891cddcec8777cf2e0d9c121b4315090fae51c38ec879915df0e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close