CVE-2013-0169
CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.htmlhttp://marc.info/?l=bugtraq&m=136396549913849&w=2http://marc.info/?l=bugtraq&m=136432043316835&w=2