===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0311
      Multiple vulnerabilities have been identified in Tenable Nessus
                             21 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Privileged Data -- Existing Account      
                      Denial of Service      -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-5407 CVE-2018-0737 CVE-2018-0734
                      CVE-2018-0732  
Member content until: Sunday, January 20 2019
Reference:            ASB-2018.0272
                      ASB-2018.0271
                      ESB-2018.3936

OVERVIEW

        Tenable has identified a number of vulnerabilities in Tenable Nessus 
        and Nessus Enterprise prior to versions 7.1.4 and 8.1.1. [1][2]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        CVE-2018-5407:
        
        "Description
        
        Simultaneous Multi-threading (SMT) in processors can enable local users 
        to exploit software vulnerable to timing attacks via a side-channel 
        timing attack on 'port contention'." [3]
        
        CVE-2018-0732:
        
        "Description
        
        During key agreement in a TLS handshake using a DH(E) based ciphersuite a
        malicious server can send a very large prime value to the client. This will
        cause the client to spend an unreasonably long period of time generating a
        key for this prime resulting in a hang until the client has finished. This
        could be exploited in a Denial Of Service attack. Fixed in OpenSSL
        1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected
        1.0.2-1.0.2o)." [4]
        
        CVE-2018-0734:
        
        "Description
        
        The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
        timing side channel attack. An attacker could use variations in the signing
        algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected
        1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL
        1.0.2q (Affected 1.0.2-1.0.2p)." [5]
        
        CVE-2018-0737:
        
        "Description
        
        The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
        a cache timing side channel attack. An attacker with sufficient access to
        mount cache timing attacks during the RSA key generation process could
        recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected
        1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o)." [6]
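
        The following version triage is an added example, not part of the
        AusCERT bulletin or Tenable's advisories. It maps an OpenSSL version
        string to the CVEs whose affected ranges are quoted above; CVE-2018-5407
        is omitted because the bulletin quotes no version range for it, and the
        names AFFECTED, version_key and cves_for are hypothetical.

```python
import re

# Affected OpenSSL ranges (inclusive) as quoted in this bulletin's IMPACT section.
AFFECTED = {
    "CVE-2018-0732": [("1.1.0", "1.1.0h"), ("1.0.2", "1.0.2o")],
    "CVE-2018-0734": [("1.1.1", "1.1.1"), ("1.1.0", "1.1.0i"), ("1.0.2", "1.0.2p")],
    "CVE-2018-0737": [("1.1.0", "1.1.0h"), ("1.0.2b", "1.0.2o")],
}

# major.minor.fix plus an optional patch letter run, e.g. 1.0.2k or 1.0.2za
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def version_key(text):
    """Return a sortable key for the first OpenSSL version found in text.

    Suffixes such as "-fips" or "-dev" and a trailing build date are ignored.
    """
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = match.groups()
    # Patch letters sort a..z, then za, zb, ...: compare length before value.
    return (int(major), int(minor), int(fix), len(letters), letters)


def cves_for(text):
    """List the bulletin's OpenSSL CVEs whose quoted range includes this version."""
    key = version_key(text)
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(version_key(low) <= key <= version_key(high) for low, high in ranges)
    )


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    for sample in ("OpenSSL 1.0.2k-fips  26 Jan 2017", "1.0.2p", "1.1.0j", "1.1.1"):
        print(f"{sample!r}: {cves_for(sample) or 'not in any quoted range'}")
```

        Distribution packages often backport fixes without changing the
        upstream version letter, so a match here is a prompt to check the
        vendor's advisory rather than proof of exposure.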


MITIGATION

        Tenable recommends users upgrade to the latest version of Nessus to
        address these issues. [1][2]


REFERENCES

        [1] [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
            https://www.tenable.com/security/tns-2018-17

        [2] [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities
            https://www.tenable.com/security/tns-2018-16

        [3] CVE-2018-5407
            https://www.tenable.com/cve/CVE-2018-5407

        [4] CVE-2018-0732
            https://www.tenable.com/cve/CVE-2018-0732

        [5] CVE-2018-0734
            https://www.tenable.com/cve/CVE-2018-0734

        [6] CVE-2018-0737
            https://www.tenable.com/cve/CVE-2018-0737

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================