CVE-2013-0169

NameCVE-2013-0169
DescriptionThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2621-1, DSA-2622-1
NVD severitylow (attack range: remote)
Debian Bugs699885, 699887, 699888, 699889, 796342

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bouncycastle (PTS)wheezy (security), wheezy1.44+dfsg-3.1+deb7u1vulnerable
jessie (security), jessie1.49+dfsg-3+deb8u1fixed
stretch, sid1.54-1fixed
gnutls26 (PTS)wheezy (security), wheezy2.12.20-8+deb7u5fixed
gnutls28 (PTS)jessie3.3.8-6+deb8u3fixed
jessie (security)3.3.8-6+deb8u2fixed
stretch, sid3.4.11-4fixed
haskell-tls (PTS)wheezy0.9.5-1vulnerable
jessie1.2.9-2vulnerable
stretch1.3.2-2vulnerable
sid1.3.4-1vulnerable
matrixssl (PTS)wheezy1.8.8-1vulnerable
nss (PTS)wheezy (security), wheezy2:3.14.5-1+deb7u5fixed
jessie2:3.17.2-1.1+deb8u2fixed
jessie (security)2:3.17.2-1.1+deb8u1fixed
stretch, sid2:3.23-2fixed
openjdk-6 (PTS)wheezy6b27-1.12.5-1fixed
wheezy (security)6b38-1.13.10-1~deb7u1fixed
openjdk-7 (PTS)wheezy7u91-2.6.3-1~deb7u1fixed
wheezy (security)7u101-2.6.6-2~deb7u1fixed
jessie7u91-2.6.3-1~deb8u1fixed
jessie (security)7u101-2.6.6-1~deb8u1fixed
openssl (PTS)wheezy1.0.1e-2+deb7u20fixed
wheezy (security)1.0.1e-2+deb7u21fixed
jessie1.0.1k-3+deb8u4fixed
jessie (security)1.0.1k-3+deb8u5fixed
stretch1.0.2g-2fixed
sid1.0.2h-1fixed
polarssl (PTS)wheezy (security), wheezy1.2.9-1~deb7u6fixed
jessie (security), jessie1.3.9-2.1+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bouncycastlesource(unstable)1.48+dfsg-2low699885
cyasslsource(unstable)2.9.4+dfsg-1low
gnutls26source(unstable)2.12.20-4low
gnutls28source(unstable)3.0.22-3low
haskell-tlssource(unstable)(unfixed)low796342
matrixsslsource(unstable)(unfixed)low
nsssource(unstable)2:3.14.3-1low699888
openjdk-6source(unstable)6b27-1.12.3-1low
openjdk-7source(unstable)7u3-2.1.6-1low
opensslsource(unstable)1.0.1e-1low699889
opensslsourcesqueeze0.9.8o-4squeeze14lowDSA-2621-1
polarsslsource(unstable)1.1.4-2low699887
polarsslsourcesqueeze0.12.1-1squeeze1lowDSA-2622-1
tlslitesource(unstable)(unfixed)low

Notes

[wheezy] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - bouncycastle <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[jessie] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
matrixssl fixed this upstream in 3.4.1
[wheezy] - tlslite <no-dsa> (Minor issue)
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

Search for package or bug name: Reporting problems