===========================================================================
AUSCERT Security Bulletin

ASB-2018.0311
Multiple vulnerabilities have been identified in Tenable Nessus
21 December 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Tenable Nessus
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Privileged Data -- Existing Account
                      Denial of Service      -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-5407 CVE-2018-0737 CVE-2018-0734
                      CVE-2018-0732
Member content until: Sunday, January 20 2019
Reference:            ASB-2018.0272
                      ASB-2018.0271
                      ESB-2018.3936

OVERVIEW

Tenable has identified a number of vulnerabilities in Tenable Nessus and
Nessus Enterprise prior to versions 7.1.4 and 8.1.1. [1][2]

IMPACT

The vendor has provided the following details regarding the
vulnerabilities:

CVE-2018-5407: "Description Simultaneous Multi-threading (SMT) in
processors can enable local users to exploit software vulnerable to
timing attacks via a side-channel timing attack on 'port contention'." [3]

CVE-2018-0732: "Description During key agreement in a TLS handshake using
a DH(E) based ciphersuite a malicious server can send a very large prime
value to the client. This will cause the client to spend an unreasonably
long period of time generating a key for this prime resulting in a hang
until the client has finished. This could be exploited in a Denial Of
Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h).
Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)." [4]

CVE-2018-0734: "Description The OpenSSL DSA signature algorithm has been
shown to be vulnerable to a timing side channel attack. An attacker could
use variations in the signing algorithm to recover the private key. Fixed
in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected
1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)." [5]

CVE-2018-0737: "Description The OpenSSL RSA Key generation algorithm has
been shown to be vulnerable to a cache timing side channel attack. An
attacker with sufficient access to mount cache timing attacks during the
RSA key generation process could recover the private key. Fixed in
OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev
(Affected 1.0.2b-1.0.2o)." [6]

MITIGATION

Tenable recommends users upgrade to the latest version of Nessus to
address these issues. [1][2]

REFERENCES

[1] [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities
    https://www.tenable.com/security/tns-2018-17

[2] [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilities
    https://www.tenable.com/security/tns-2018-16

[3] CVE-2018-5407
    https://www.tenable.com/cve/CVE-2018-5407

[4] CVE-2018-0732
    https://www.tenable.com/cve/CVE-2018-0732

[5] CVE-2018-0734
    https://www.tenable.com/cve/CVE-2018-0734

[6] CVE-2018-0737
    https://www.tenable.com/cve/CVE-2018-0737

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
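
Added example (not part of the AusCERT bulletin or Tenable's advisories): a check that maps an OpenSSL version string collected during inventory onto the affected ranges quoted in the IMPACT section above. The function names and the sample version strings are assumptions made for illustration.

```python
import re

# Affected OpenSSL ranges (inclusive), copied from the bulletin's IMPACT section.
# CVE-2018-5407 is left out because the bulletin gives no version range for it.
AFFECTED = {
    "CVE-2018-0732": [("1.1.0", "1.1.0h"), ("1.0.2", "1.0.2o")],
    "CVE-2018-0734": [("1.1.1", "1.1.1"), ("1.1.0", "1.1.0i"), ("1.0.2", "1.0.2p")],
    "CVE-2018-0737": [("1.1.0", "1.1.0h"), ("1.0.2b", "1.0.2o")],
}

# Pre-3.0 OpenSSL versions: major.minor.fix plus an optional letter patch level.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def version_key(text):
    """Sortable key for '1.0.2o' or a banner like 'OpenSSL 1.1.0h  27 Mar 2018'.

    Suffixes such as '-dev' or '-fips' are ignored; no letter sorts before 'a'.
    """
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix), letters)


def cves_for(text):
    """Return the bulletin's CVEs whose quoted affected range contains the version."""
    key = version_key(text)
    return sorted(
        cve
        for cve, ranges in AFFECTED.items()
        if any(version_key(lo) <= key <= version_key(hi) for lo, hi in ranges)
    )


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the bulletin.
    for sample in ["OpenSSL 1.1.0h  27 Mar 2018", "1.0.2a", "1.0.2q", "1.1.1"]:
        print(f"{sample!r}: {cves_for(sample) or 'not in any quoted range'}")
```

Distribution packages often backport fixes without changing the upstream version string, so treat a match as a prompt to check the package changelog rather than as proof of exposure.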