Описание
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42-style parameter files. An attacker who could force the peer to perform multiple handshakes using the same private DH component could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection.
Отчет
OpenSSL 1.0.2 provides support for generating X9.42 style parameter files. This feature does not exist in any previous versions of OpenSSL. Therefore versions of OpenSSL shipped with Red Hat Enterprise Linux 5, 6, and 7, and JBoss EAP and JBoss Web Server are not vulnerable to this security flaw. Versions of OpenSSL shipped in Red Hat Enterprise Linux do not enable the SSL_OP_SINGLE_DH_USE option. However, most applications do not use SSL_CTX_set_tmp_dh()/SSL_set_tmp_dh(). Most of them use SSL_CTX_set_tmp_dh_callback()/SSL_set_tmp_dh_callback() without setting the key. This has the same effect as setting SSL_OP_SINGLE_DH_USE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openssl | Not affected | ||
| Red Hat Enterprise Linux 5 | openssl097a | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl | Not affected | ||
| Red Hat Enterprise Linux 6 | openssl098e | Not affected | ||
| Red Hat Enterprise Linux 7 | openssl | Not affected | ||
| Red Hat Enterprise Linux 7 | openssl098e | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | openssl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | openssl | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Уязвимость библиотеки OpenSSL, позволяющая нарушителю получить закрытый ключ
EPSS
5.8 Medium
CVSS2