KB Article | Forcepoint Support

Problem Description

KBA Severity:  
CVE-2018-0733 - Moderate
CVE-2018-0739 - Moderate
 
CVE Numbers: 
CVE-2018-0733 
CVE-2018-0739
 
KBA Summary
OpenSSL vulnerabilities.
 
Affected Products
  • Forcepoint Sidewinder
 
KBA Detailed Information
The following descriptions are from openssl.org.
 
CVE-2018-0733:
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected.
 
CVE-2018-0739:
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.
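
The comparison defect described under CVE-2018-0733 can be caught by a self-test that flips every bit of a tag, one at a time. The following is an added example, not Forcepoint or OpenSSL code. All function names are hypothetical, and `lsb_only_memcmp` is a constructed model of the described effect, not the PA-RISC assembly.

```c
#include <stdio.h>
#include <string.h>

typedef int (*cmp_fn)(const void *, const void *, size_t);

/* Reference constant-time compare: 0 if equal, nonzero otherwise. */
static int ct_memcmp(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= pa[i] ^ pb[i];          /* every differing bit counts */
    return diff;
}

/* Model of the defect's effect (an assumption, not the real module). */
static int lsb_only_memcmp(const void *a, const void *b, size_t len)
{
    const unsigned char *pa = a, *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (pa[i] ^ pb[i]) & 1;    /* only bit 0 is compared */
    return diff;
}

/* Self-test: returns the number of failed checks. Equal inputs must match,
 * and flipping any single bit of a 16-byte tag must be reported. */
static int compare_selftest(cmp_fn cmp)
{
    unsigned char ref[16], probe[16];   /* constructed sample tag */
    for (size_t i = 0; i < sizeof ref; i++)
        ref[i] = (unsigned char)(0xA5 ^ (i * 17));
    memcpy(probe, ref, sizeof ref);
    int failures = (cmp(ref, probe, sizeof ref) != 0);
    for (size_t i = 0; i < sizeof ref; i++)
        for (int bit = 0; bit < 8; bit++) {
            probe[i] ^= (unsigned char)(1u << bit);
            failures += (cmp(ref, probe, sizeof ref) == 0);
            probe[i] ^= (unsigned char)(1u << bit);  /* restore */
        }
    return failures;
}

int main(void)
{
    printf("reference: %d, lsb-only model: %d failed checks\n",
           compare_selftest(ct_memcmp), compare_selftest(lsb_only_memcmp));
    return 0;
}
```

The model misses every flip in bits 1 through 7, so only 16 of the tag's 128 bits are actually checked.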
 
CVE References

Resolution

Hotfix and Information About Other Fixes
 
Sidewinder
The following patches are available to resolve these vulnerabilities:
                 Sidewinder 7.0.1.03             Sidewinder 8.3.2
CVE-2018-0733    7.0.1.03E118* or 7.0.1.03H16    8.3.2E159* or 8.3.2P11
CVE-2018-0739    7.0.1.03E118* or 7.0.1.03H16    8.3.2E159* or 8.3.2P11
* indicates patch is obsoleted by a newer patch

Sidewinder download information:
Sidewinder E-Patch download information:

User name                    : atl-963845ro
User password              : 34bT4hF3AFJn
Server name                 : csftp.us.stonesoft.com
                                    : 
https://csftp.us.stonesoft.com

https://csftp.us.stonesoft.com/file/access.pl?username=atl-963845ro
ftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
sftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
 
