CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Metric | Value |
---|---|
Percentile | 84.7% |

If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data. In order
for this to be exploitable “non-stitched” ciphersuites must be in use.
Stitched ciphersuites are optimised implementations of certain commonly
used ciphersuites. Also the application must call SSL_shutdown() twice even
if a protocol error has occurred (applications should not do this but some
do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Author | Note |
---|---|
mdeslaur | Doesn’t affect 1.1.x. This fix is a workaround for applications that call SSL_shutdown() twice even if a protocol error has occurred. Upstream fix uses error handling mechanism introduced in 1.0.2, which isn’t available in 1.0.1f. While we are unlikely to fix this issue in Ubuntu 14.04 LTS, marking as deferred for now in case the vulnerable applications are identified. |
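
For inventory work, the upstream range in the description (affected 1.0.2 through 1.0.2q, fixed in 1.0.2r) can be checked against a reported OpenSSL version string. The following is an added example, not code from OpenSSL or Ubuntu; the function names, status labels and sample strings are constructed for illustration.

```python
import re

# Matches the upstream numbering "X.Y.Z" plus optional patch letters (1.0.2k, 1.0.2za).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, fix, letters) from a string such as 'OpenSSL 1.0.2k-fips'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix = (int(g) for g in m.group(1, 2, 3))
    return major, minor, fix, m.group(4)


def _letter_rank(letters):
    # Patch letters order as '' < 'a' < ... < 'z' < 'za' < 'zb':
    # compare by length first, then alphabetically.
    return (len(letters), letters)


def cve_2019_1559_status(text):
    """Classify a version string against the range stated on this page.

    'affected'   : 1.0.2 through 1.0.2q
    'fixed'      : 1.0.2r or a later 1.0.2 letter release
    'not-listed' : any other branch; the page gives no upstream range for it,
                   so this is not a statement that the build is safe
                   (the note above defers the 1.0.1f case rather than clearing it).
    """
    major, minor, fix, letters = parse_openssl_version(text)
    if (major, minor, fix) != (1, 0, 2):
        return "not-listed"
    if _letter_rank(letters) >= _letter_rank("r"):
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings, in the style printed by `openssl version`.
    for sample in ("OpenSSL 1.0.2", "OpenSSL 1.0.2k-fips", "OpenSSL 1.0.2q",
                   "OpenSSL 1.0.2r", "OpenSSL 1.0.2za", "OpenSSL 1.0.1f",
                   "OpenSSL 1.1.1f"):
        print("%-22s %s" % (sample, cve_2019_1559_status(sample)))
```

Distribution packages usually backport fixes without changing the upstream version string, so on Ubuntu a result of "affected" should be confirmed against the package versions in the USN notices listed below.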
github.com/RUB-NDS/TLS-Padding-Oracles
launchpad.net/bugs/cve/CVE-2019-1559
nvd.nist.gov/vuln/detail/CVE-2019-1559
security-tracker.debian.org/tracker/CVE-2019-1559
ubuntu.com/security/notices/USN-3899-1
ubuntu.com/security/notices/USN-4376-2
www.cve.org/CVERecord?id=CVE-2019-1559
www.openssl.org/news/secadv/20190226.txt