Bug 1105459 (CVE-2018-10845) - VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant
Summary: VUL-0: CVE-2018-10845: gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen atta...
Status: RESOLVED FIXED
Alias: CVE-2018-10845
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/213119/
Whiteboard: CVSSv3:RedHat:CVE-2018-10845:5.9:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-21 07:59 UTC by Alexander Bergmann
Modified: 2024-04-08 13:50 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
The GnuTLS Lucky 13 paper (426.00 KB, application/pdf)
2018-08-27 15:26 UTC, Vítězslav Čížek 		Details
Full paper (476.22 KB, application/pdf)
2018-08-28 09:03 UTC, Vítězslav Čížek 		Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-08-21 07:59:01 UTC 
rh#1582572

It was found that GnuTLS implementation of HMAC-SHA-384 was vulnerable to Lucky thirteen style attack due to use of wrong constant appropriate to hash functions that encode the length field.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1582572
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10845
Comment 1 Alexander Bergmann 2018-08-21 08:00:25 UTC 
External references:
https://eprint.iacr.org/2018/747

Upstream fix:
https://gitlab.com/gnutls/gnutls/merge_requests/657
Comment 4 Vítězslav Čížek 2018-08-27 15:26:28 UTC 
Created attachment 780883 [details]
The GnuTLS Lucky 13 paper
Comment 5 Vítězslav Čížek 2018-08-28 09:03:04 UTC 
Created attachment 780959 [details]
Full paper

The authors of the paper believe that GnuTLS is still vulnerable to variants of the Lucky 13 attack against SHA256/SHA384, even after the countermeasures implemented in 3.6.3/3.3.30.

GnuTLS, however, won't address these concerns, they promote the use of Encrypt-then-MAC (RFC 7366) instead.
Comment 7 Swamp Workflow Management 2018-09-24 13:14:13 UTC 
SUSE-SU-2018:2825-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
SUSE OpenStack Cloud 7 (src):    gnutls-3.2.15-18.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    gnutls-3.2.15-18.6.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    gnutls-3.2.15-18.6.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    gnutls-3.2.15-18.6.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    gnutls-3.2.15-18.6.1
SUSE Linux Enterprise Server 12-LTSS (src):    gnutls-3.2.15-18.6.1
SUSE Enterprise Storage 4 (src):    gnutls-3.2.15-18.6.1
Comment 8 Swamp Workflow Management 2018-09-24 16:15:18 UTC 
SUSE-SU-2018:2842-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    gnutls-3.3.27-3.3.1
SUSE Linux Enterprise Server 12-SP3 (src):    gnutls-3.3.27-3.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    gnutls-3.3.27-3.3.1
Comment 9 Swamp Workflow Management 2018-09-25 13:12:13 UTC 
openSUSE-SU-2018:2854-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
openSUSE Leap 42.3 (src):    gnutls-3.3.27-2.3.1
Comment 10 Swamp Workflow Management 2018-09-28 10:13:40 UTC 
SUSE-SU-2018:2930-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    gnutls-3.6.2-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    gnutls-3.6.2-6.3.1
Comment 11 Swamp Workflow Management 2018-10-01 10:08:33 UTC 
openSUSE-SU-2018:2958-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
openSUSE Leap 15.0 (src):    gnutls-3.6.2-lp150.4.3.1
Comment 13 Vítězslav Čížek 2018-10-03 14:04:48 UTC 
Done.
Comment 14 Swamp Workflow Management 2018-10-18 16:50:53 UTC 
SUSE-SU-2018:2825-2: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047002,1105437,1105459,1105460
CVE References: CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    gnutls-3.2.15-18.6.1