ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


CVE 2018-0737

'The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).'

ClearCenter response

This issue affects ClearOS 7 and ClearOS 6.

Short response

This issue is still outstanding in ClearOS 6 and ClearOS 7. This vulnerability requires significant local access while a certificate request and key is being made in order to work. On ClearOS, local access is not typical and when creating keys, usually an admin has exclusive local access. To work around this issue, ensure that you are exclusively logged in to ClearOS via command line when creating keys and certificate requests.

Long response

This issue is still outstanding in ClearOS 6 and ClearOS 7. This vulnerability requires significant local access while a certificate request and key is being made in order to work. On ClearOS, local access is not typical and when creating keys, usually an admin has exclusive local access. Therefore, risk is minimal. To work around this issue, ensure that you are exclusively logged in to ClearOS via command line when creating keys and certificate requests.

Resolution

Either make sure that you are creating key pairs while exclusively logged into ClearOS or use a different machine with exclusive access in order to cut your key pairs.

content/en_us/announcements_cve_cve-2018-0737.txt · Last modified: 2018/10/01 13:36 by dloper

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Aannouncements_cve_cve-2018-0737&1558439082