Описание
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| openssl | fixed | 1.0.2b-1 | package | |
| nss | fixed | 2:3.19.1-1 | package | |
| nss | no-dsa | squeeze | package | |
| openjdk-6 | fixed | 6b36-1.13.8-1 | experimental | package |
| openjdk-6 | removed | package | ||
| openjdk-7 | fixed | 7u79-2.5.6-1 | package | |
| openjdk-8 | fixed | 8u66-b01-1 | package | |
| icedove | fixed | 38.1.0-1 | package |
Примечания
CVE assigned specific to vulnerability in the TLS protocol that was
disclosed in section 3.2 of the
https://weakdh.org/imperfect-forward-secrecy.pdf paper.
Some links on the status of various implementations/protocols:
IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
OpenSSL 1.0.2b-1 limits it to 768 bit, future versions will increase the limit
GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
NSS/iceweasel/icedove: https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24
EPSS
Связанные уязвимости
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
EPSS