CVE-2013-0169

NameCVE-2013-0169
DescriptionThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2621-1, DSA-2622-1
NVD severitylow (attack range: remote)
Debian Bugs699885, 699887, 699888, 699889
Debian/oldoldstablepackages bouncycastle, gnutls26, matrixssl, nss, openjdk-6 are vulnerable.
Debian/oldstablepackages bouncycastle, haskell-tls, matrixssl, tlslite are vulnerable.
Debian/stablepackage haskell-tls is vulnerable.
Debian/testingpackage haskell-tls is vulnerable.
Debian/unstablepackage haskell-tls is vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)squeeze1.44+dfsg-2vulnerable
wheezy1.44+dfsg-3.1vulnerable
stretch, sid, jessie1.49+dfsg-3fixed
cyassl (PTS)sid2.9.4+dfsg-3fixed
gnutls26 (PTS)squeeze, squeeze (security)2.8.6-1+squeeze3vulnerable
squeeze (lts)2.8.6-1+squeeze5vulnerable
wheezy2.12.20-8+deb7u2fixed
wheezy (security)2.12.20-8+deb7u3fixed
gnutls28 (PTS)jessie3.3.8-6+deb8u1fixed
stretch3.3.16-1fixed
sid3.3.16-2fixed
haskell-tls (PTS)wheezy0.9.5-1vulnerable
jessie1.2.9-2vulnerable
stretch, sid1.2.18-1vulnerable
matrixssl (PTS)squeeze, wheezy1.8.8-1vulnerable
nss (PTS)squeeze, squeeze (security)3.12.8-1+squeeze7vulnerable
squeeze (lts)3.12.8-1+squeeze11vulnerable
wheezy2:3.14.5-1+deb7u3fixed
wheezy (security)2:3.14.5-1+deb7u4fixed
jessie2:3.17.2-1.1fixed
stretch, sid2:3.19.2-1fixed
openjdk-6 (PTS)squeeze6b18-1.8.13-0+squeeze2vulnerable
squeeze (security)6b31-1.13.3-1~deb6u1fixed
squeeze (lts)6b35-1.13.7-1~deb6u1fixed
wheezy6b27-1.12.5-1fixed
wheezy (security)6b35-1.13.7-1~deb7u1fixed
sid6b35-1.13.7-1fixed
openjdk-7 (PTS)wheezy7u3-2.1.7-1fixed
wheezy (security)7u79-2.5.6-1~deb7u1fixed
stretch, jessie7u75-2.5.4-2fixed
jessie (security)7u79-2.5.6-1~deb8u1fixed
sid7u79-2.5.6-1fixed
openssl (PTS)squeeze, squeeze (security)0.9.8o-4squeeze14fixed
squeeze (lts)0.9.8o-4squeeze21fixed
wheezy1.0.1e-2+deb7u13fixed
wheezy (security)1.0.1e-2+deb7u17fixed
jessie1.0.1k-3fixed
jessie (security)1.0.1k-3+deb8u1fixed
stretch, sid1.0.2d-1fixed
polarssl (PTS)squeeze, squeeze (security)1.2.9-1~deb6u1fixed
squeeze (lts)1.2.9-1~deb6u4fixed
wheezy1.2.9-1~deb7u4fixed
wheezy (security)1.2.9-1~deb7u5fixed
stretch, sid, jessie1.3.9-2.1fixed
tlslite (PTS)wheezy0.3.8-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesource(unstable)1.48+dfsg-2low699885
cyasslsource(unstable)2.9.4+dfsg-1low
gnutls26source(unstable)2.12.20-4low
gnutls28source(unstable)3.0.22-3low
haskell-tlssource(unstable)(unfixed)low
matrixsslsource(unstable)(unfixed)low
nsssource(unstable)2:3.14.3-1low699888
openjdk-6source(unstable)6b27-1.12.3-1low
openjdk-7source(unstable)7u3-2.1.6-1low
opensslsource(unstable)1.0.1e-1low699889
opensslsourcesqueeze0.9.8o-4squeeze14lowDSA-2621-1
polarsslsource(unstable)1.1.4-2low699887
polarsslsourcesqueeze0.12.1-1squeeze1lowDSA-2622-1
tlslitesource(unstable)(unfixed)low

Notes

[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[jessie] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fixed this upstream in 3.4.1
[wheezy] - tlslite <no-dsa> (Minor issue)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

Search for package or bug name: Reporting problems