CVE-2013-0169

Published Feb 8, 2013
Last updated 3 months ago
CVSS info 2.6
Overview

Description: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Source: secalert@redhat.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses

nvd@nist.gov: CWE-310
Hype score: Not currently trending
Evaluator

Comment: Per http://www.openssl.org/news/vulnerabilities.html: Fixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1) Fixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0) Fixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8) Affected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y (The fix in 1.0.1d wasn't complete, so please use 1.0.1e or later)
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436",
            "versionEndIncluding": "0.9.8x",
            "versionStartIncluding": "0.9.8"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE",
            "versionEndIncluding": "1.0.0j",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB",
            "versionEndIncluding": "1.0.1d",
            "versionStartIncluding": "1.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492"
          },
          {
            "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8"
          },
          {
            "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
