Bug ID: 1111233
Summary: VUL-0: CVE-2018-16737, CVE-2018-16738, CVE-2018-16758: tinc: Multiple issues fixed in the 1.0.35 release
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/216345/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: michele.bologna@suse.com
Reporter: jsegitz@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

rh#1637481


CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow a
man-in-the-middle attack. Even if the MITM cannot decrypt the traffic sent
between the two endpoints, a MITM who can correctly predict when an ephemeral
key exchange message is sent in a TCP connection between two nodes can force
one node to send UDP packets in plaintext. The tinc 1.1pre versions are not
affected by this.

CVE-2018-16738: Michael Yonli discovered that tinc versions 1.0.30 to 1.0.34
allow an oracle attack, similar to CVE-2018-16737, but due to the mitigations
put in place for the Sweet32 attack in tinc 1.0.30, it now requires a timing
attack that has only a limited time to complete. Tinc 1.1pre16 and earlier are
also affected if there are nodes on the same VPN that still use the legacy
protocol from tinc version 1.0.x.

CVE-2018-16737: Michael Yonli discovered that tinc 1.0.29 and earlier allow an
oracle attack that could allow a remote attacker to establish one-way
communication with a tinc node, allowing it to send fake control messages and
inject packets into the VPN. The attack takes only a few seconds to complete.
Tinc 1.1pre14 and earlier allow the same attack if they are configured to allow
connections from nodes using the legacy 1.0.x protocol.

References:
http://www.tinc-vpn.org/security/
https://bugzilla.redhat.com/show_bug.cgi?id=1637481
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16737
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16738
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16758
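
The following is an added example, not part of the original report or of tinc:
a version check that maps an installed tinc version to the CVEs listed above,
using only the affected ranges stated in this report. The function names and
the single legacy_peers flag (covering both "configured to allow legacy
connections" and "legacy nodes present on the VPN") are assumptions made for
illustration.

```python
import re

# Affected ranges transcribed from the report text:
# (CVE, branch, lowest affected, highest affected, only with legacy 1.0.x peers)
RULES = [
    ("CVE-2018-16737", "1.0",    0, 29, False),
    ("CVE-2018-16737", "1.1pre", 0, 14, True),
    ("CVE-2018-16738", "1.0",   30, 34, False),
    ("CVE-2018-16738", "1.1pre", 0, 16, True),
    ("CVE-2018-16758", "1.0",    0, 34, False),  # 1.1pre is not affected
]


def parse_version(version):
    """Split '1.0.N' or '1.1preN' into (branch, N); reject anything else."""
    m = re.fullmatch(r"1\.0\.(\d+)", version)
    if m:
        return "1.0", int(m.group(1))
    m = re.fullmatch(r"1\.1pre(\d+)", version)
    if m:
        return "1.1pre", int(m.group(1))
    raise ValueError(f"unrecognised tinc version: {version!r}")


def affected_cves(version, legacy_peers=False):
    """Return the sorted CVE ids from this report that apply to `version`.

    legacy_peers: True if the node accepts, or shares a VPN with, nodes
    speaking the legacy 1.0.x protocol (assumption: one flag for both cases).
    """
    branch, n = parse_version(version)
    return sorted({
        cve for cve, b, lo, hi, needs_legacy in RULES
        if b == branch and lo <= n <= hi and (legacy_peers or not needs_legacy)
    })


def audit(inventory):
    """Map host -> CVE list for an inventory of host -> (version, legacy_peers)."""
    return {host: affected_cves(v, legacy) for host, (v, legacy) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"gw-a": ("1.0.34", False), "gw-b": ("1.1pre15", True), "gw-c": ("1.0.35", False)}
    for host, cves in audit(sample).items():
        print(host, ", ".join(cves) or "not affected by these CVEs")
```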

