Description
The Erlang/OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
An Erlang TLS server configured with cipher suites using RSA key exchange may be vulnerable to an adaptive chosen-ciphertext attack (also known as the Bleichenbacher attack) against RSA. This may result in plaintext recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself.
Report
This issue affects the versions of erlang as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | erlang | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | erlang | Will not fix | | |
| Red Hat OpenStack Platform 8 (Liberty) | erlang | Will not fix | | |
| CloudForms Management Engine 5.10 | ansible-tower | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | cfme | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | cfme-amazon-smartstate | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | cfme-appliance | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | cfme-gemset | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | erlang | Fixed | RHBA-2019:0453 | 06.03.2019 |
| CloudForms Management Engine 5.10 | nginx | Fixed | RHBA-2019:0453 | 06.03.2019 |
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
A vulnerability in the Erlang programming language interpreter, related to information disclosure through a discrepancy, allowing an attacker to gain access to confidential data
6.5 Medium
CVSS3