Описание
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| socat | fixed | 1.7.3.1-1 | package | |
| socat | not-affected | jessie | package | |
| socat | not-affected | wheezy | package | |
| socat | not-affected | squeeze | package |
Примечания
The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
p parameter was not prime.". Upstream has generated new parametes (and made it 2048
bit long.
https://www.openwall.com/lists/oss-security/2016/02/01/4
http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
EPSS
Связанные уязвимости
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
EPSS