CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34 allow an oracle attack, similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now requires a timing attack that has only a limited time to complete. Tinc 1.1pre16 and earlier are also affected if there are nodes on the same VPN that still use the legacy protocol from tinc version 1.0.x. https://www.tinc-vpn.org/security/ Reproducible: Always Steps to Reproduce: 1. please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16738 Versions 1.0.35 and 1.1pre17 released. Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738). Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34 allow an oracle attack, similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now requires a timing attack that has only a limited time to complete. Tinc 1.1pre16 and earlier are also affected if there are nodes on the same VPN that still use the legacy protocol from tinc version 1.0.x. CVE-2018-16737: Michael Yonly discovered that tinc 1.0.29 and earlier allow an oracle attack that could allow a remote attacker to establish one-way communication with a tinc node, allowing it to send fake control messages and inject packets into the VPN. The attack takes only a few seconds to complete. Tinc 1.1pre14 and earlier allow the same attack if they are configured to allow connections from nodes using the legacy 1.0.x
Maintainers, please advise if current version in tree has the fixes for these vulnerabilities, so we can close the bug.
Release notes: https://www.tinc-vpn.org/download/
(In reply to Yury German from comment #2) > Maintainers, please advise if current version in tree has the fixes for > these vulnerabilities, so we can close the bug. yes, all current versions in tree (1.0.35-r2 and 1.1_pre17) include the fixes, so we can close this bug safely, thanks for poking this ..