Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1618

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2013-1618
Last Modified 07 Mar 2013 11:12:04
Published 08 Feb 2013 02:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-1618

Summary

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vulnerable Systems

Application

  • Opera Browser 12.00

  • Opera Browser 12.01

  • Opera Browser 12.02

  • Opera Browser 12.10

  • Opera Browser 12.11

  • Opera Browser 12.12


References

CONFIRM - http://www.opera.com/support/kb/view/1044/

CONFIRM - http://www.opera.com/docs/changelogs/unified/1213/

MISC - http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

MLIST - [oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations

SUSE - openSUSE-SU-2013:0289


Last Updated: 27 May 2016 11:01:50