OpenSSL PKCS #1 Version 1.5 Session Key Retrieval and RSA blinding Vulnerability





General Info


TC: 12079
Description: OpenSSL is a toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, present in most web server and browser configurations.
The RSA encryption scheme OpenSSL uses for the SSL/TLS key exchange, PKCS #1 v1.5 padding as described in RSA's PKCS #1 standard, is vulnerable to an adaptive chosen-ciphertext attack that may allow the recovery of the session key from a captured session.
By logging all packets exchanged between a client and a server, an attacker can take the captured session and mount a Bleichenbacher attack, in the Klima-Pokorny-Rosa variant that combines it with a simple timing attack on the server's check of the version number inside the decrypted premaster secret, with the aim of decrypting the session key. The attacker must open a large number of additional connections to the server and submit specially crafted RSA ciphertexts; the server's differing responses reveal whether each crafted ciphertext decrypts to a PKCS #1 v1.5 conformant block, which in effect lets the attacker perform one RSA private-key operation on the captured ciphertext. The server's RSA private key itself is not recovered by this attack. If the session key is recovered, the rest of the data exchanged in that client-server session can be decrypted trivially.

Separately, OpenSSL does not enable RSA blinding by default, which allows local and remote attackers to recover the server's RSA private key by timing the private-key operation on chosen ciphertexts: the number of extra reductions performed during Montgomery reduction, and the switch between the two integer multiplication algorithms ("Karatsuba" and normal), depend on the relationship between the input and one of the prime factors of the modulus, so the measured timing differences reveal the factors (Brumley and Boneh). Unlike the padding attack above, success here compromises the key itself, not just one session.
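The following is an example added to this entry; it is not SecureScout's or OpenSSL's code. It models both issues above with a constructed toy RSA key (two Mersenne primes, far too weak for real use, chosen only so the block runs offline). Part 1 is the PKCS #1 v1.5 oracle that the Bleichenbacher and Klima-Pokorny-Rosa attacks query: a pre-fix server with three distinguishable outcomes beside a fixed server with one. Part 2 is RSA blinding, the countermeasure to the Brumley-Boneh timing attack. The server names, the "bad-padding" / "bad-version" / "ok" labels and the 48-byte premaster layout are this example's own modelling assumptions.

```python
"""Toy model of the two OpenSSL issues in this entry (added example, not
SecureScout's or OpenSSL's code).  Key material is constructed and unsafe."""
import os
from math import gcd

# --- constructed toy RSA key: NOT a real key, NOT safe parameters ---
P = (1 << 521) - 1                 # 2^521 - 1, a Mersenne prime
Q = (1 << 127) - 1                 # 2^127 - 1, a Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus size in bytes (81 here)

TLS_VERSION = b"\x03\x01"          # TLS 1.0 client_version: first 2 bytes of the premaster secret


def pkcs1_v15_encrypt(msg: bytes) -> int:
    """RSAES-PKCS1-v1_5: EM = 00 02 <PS: at least 8 non-zero random bytes> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for the modulus")
    ps = b""
    while len(ps) < ps_len:
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N)


def unpad(em: bytes):
    """Return the embedded message if EM is PKCS #1 v1.5 conformant, else None."""
    if len(em) != K or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(0, 2)             # first 0x00 after the 00 02 header
    if sep < 10:                    # not found (-1) or PS shorter than 8 bytes
        return None
    return em[sep + 1:]


def rsa_decrypt_blinded(c: int) -> int:
    """RSA blinding: exponentiate r^e * c, then strip r.  The private-key operation
    never runs on the attacker's c itself, so its running time (extra Montgomery
    reductions, Karatsuba vs. normal multiplication) cannot be correlated with c."""
    while True:
        r = int.from_bytes(os.urandom(K), "big") % N
        if r > 1 and gcd(r, N) == 1:
            break
    blinded = (c * pow(r, E, N)) % N
    m_blinded = pow(blinded, D, N)  # (c * r^e)^d = m * r  (mod N)
    return (m_blinded * pow(r, -1, N)) % N


def vulnerable_server(c: int) -> str:
    """Pre-fix behaviour: a padding failure and a version-number failure are reported
    on different error paths (and with different timing), so every submitted
    ciphertext tells the attacker whether it decrypts to a conformant block.  The
    unblinded pow() on attacker-chosen c is the Brumley-Boneh timing channel."""
    pms = unpad(pow(c, D, N).to_bytes(K, "big"))
    if pms is None:
        return "bad-padding"
    if len(pms) != 48 or pms[:2] != TLS_VERSION:
        return "bad-version"        # the extra distinguisher used by Klima-Pokorny-Rosa
    return "ok"


def fixed_server(c: int) -> str:
    """Post-fix behaviour: any failure is replaced by a random premaster secret and
    the handshake continues; it later fails on the Finished message in the same
    way for every bad ciphertext, so there is no oracle left to query."""
    pms = unpad(rsa_decrypt_blinded(c).to_bytes(K, "big"))
    if pms is None or len(pms) != 48 or pms[:2] != TLS_VERSION:
        pms = TLS_VERSION + os.urandom(46)
    return "ok"


def bleichenbacher_query(c: int, s: int) -> int:
    """The attacker's probe: c * s^e mod N decrypts to m * s mod N, so the server's
    reaction reveals whether m * s lies in the PKCS-conformant interval."""
    return (c * pow(s, E, N)) % N


def demo() -> dict:
    """Run three probes against both servers; returns {probe: (vulnerable, fixed)}."""
    pms = TLS_VERSION + os.urandom(46)                     # constructed 48-byte premaster secret
    c = pkcs1_v15_encrypt(pms)                             # what the client really sent
    probes = {
        "genuine": c,
        "wrong-version": pkcs1_v15_encrypt(b"\x03\x00" + os.urandom(46)),  # conformant, SSL 3.0 version
        "c*2^e": bleichenbacher_query(c, 2),               # decrypts to 2m: bytes 00 04/05 ..., not conformant
    }
    return {name: (vulnerable_server(x), fixed_server(x)) for name, x in probes.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in demo().items():
        print(f"{name:14s} vulnerable={vuln:12s} fixed={fixed}")
```

The full Bleichenbacher search is not run here (it needs on the order of a million oracle queries); the point of the demo is that the pre-fix server answers the probe with three distinguishable results while the fixed server answers identically for all of them, and that the blinded decryption returns the same plaintext as the unblinded one while never exponentiating the attacker's ciphertext directly.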
TC Impact: Gather Info
Service: http



Specific Operations and Actions:


Vulnerability Publication: March 14, 2003
Advisory Copyright: David Brumley and Dan Boneh (RSA timing attack); V. Klima, O. Pokorny and T. Rosa (PKCS #1 v1.5 padding attack)
Summary: A remote attacker may be able to recover your session key and use it to decrypt all of your SSL-encrypted traffic.
Risk: Medium
CVSS 2.0 metrics: Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
CVSS 2.0 Base Score: 5.8
Vulnerability Impact: Gather Info
Host Impact: A remote attacker may be able to decrypt all of your SSL-encrypted traffic; the timing attack on unblinded RSA may additionally expose the server's private key.
Nature of Remediation: Update the software.
Step required to fix the reported vulnerability:

***** Solution type: Upgrade Software *****

Upgrade OpenSSL to 0.9.7b or later (0.9.6j or later on the 0.9.6 branch); both issues are fixed in those releases, which also turn RSA blinding on by default. Verify the installed release with the command "openssl version" and restart every service linked against the library, since running processes keep the old code loaded. Applications that call OpenSSL's RSA private-key functions directly and cannot yet move to a fixed release should enable blinding explicitly with RSA_blinding_on(); note that this mitigates only the timing attack, not the padding oracle. See references for more details.



Glossary and References :


References:
* MISC:
http://www.sans.org/top20/2003/#u10
* BUGTRAQ: 20030327 Immunix Secured OS 7 openssl update
http://www.securityfocus.com/archive/1/archive/1/316577/30/25310/threaded
* MISC:
http://eprint.iacr.org/2003/052/
* BUGTRAQ: 20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding
http://marc.theaimsgroup.com/?l=bugtraq&m=104811162730834&w=2
* BUGTRAQ: 20030324 GLSA: openssl (200303-20)
http://marc.theaimsgroup.com/?l=bugtraq&m=104852637112330&w=2
* CALDERA: CSSA-2003-014.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt
* OPENPKG: OpenPKG-SA-2003.026
http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html
* CONFIRM:
http://www.openssl.org/news/secadv_20030319.txt
* FREEBSD: FreeBSD-SA-03:06
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:06.openssl.asc
* MANDRAKE: MDKSA-2003:035
http://www.mandriva.com/security/advisories?name=MDKSA-2003:035
* NETBSD: NetBSD-SA2003-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc
* REDHAT: RHSA-2003:101
http://www.redhat.com/support/errata/RHSA-2003-101.html
* REDHAT: RHSA-2003:102
http://www.redhat.com/support/errata/RHSA-2003-102.html
* DEBIAN: DSA-288
http://www.debian.org/security/2003/dsa-288
* SGI: 20030501-01-I
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
* SUSE: SuSE-SA:2003:024
http://www.suse.de/de/security/2003_024_openssl.html
* TRUSTIX: 2003-0013
http://marc.theaimsgroup.com/?l=bugtraq&m=104878215721135&w=2
* SUSE: SuSE-SA:2003:024
http://www.novell.com/linux/security/advisories/2003_024_openssl.html
* CERT-VN: VU#888801
http://www.kb.cert.org/vuls/id/888801
* BID: 7148
http://www.securityfocus.com/bid/7148
* XF: ssl-premaster-information-leak(11586)
http://xforce.iss.net/xforce/xfdb/11586
* OVAL: oval:org.mitre.oval:def:461
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:461
* BUGTRAQ: 20030313 Vulnerability in OpenSSL
http://marc.theaimsgroup.com/?l=bugtraq&m=104766550528628&w=2
* VULNWATCH: 20030313 OpenSSL Private Key Disclosure
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
* CONFIRM:
http://www.openssl.org/news/secadv_20030317.txt
* BUGTRAQ: 20030317 [ADVISORY] Timing Attack on OpenSSL
http://marc.theaimsgroup.com/?l=bugtraq&m=104792570615648&w=2
* MISC:
http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
* APPLE: APPLE-SA-2003-03-24
http://www.securityfocus.com/archive/1/archive/1/316165/30/25370/threaded
* GENTOO: GLSA-200303-24
http://marc.theaimsgroup.com/?l=bugtraq&m=104861762028637&w=2
* GENTOO: GLSA-200303-15
http://marc.theaimsgroup.com/?l=bugtraq&m=104829040921835&w=2
* OPENPKG: OpenPKG-SA-2003.019
http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html
* REDHAT: RHSA-2003:205
https://rhn.redhat.com/errata/RHSA-2003-205.html
* BUGTRAQ: 20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)
http://marc.theaimsgroup.com/?l=bugtraq&m=104819602408063&w=2
* CERT-VN: VU#997481
http://www.kb.cert.org/vuls/id/997481
* OVAL: oval:org.mitre.oval:def:466
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:466

CVE Link: CVE-2003-0131 (Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding)
CVE-2003-0147 (RSA timing attack, blinding not enabled by default)

Glossary: Banner
Password
Password Cracking
SSL
Weak Encryption


© 2003-2010 NexantiS Corporation (www.securescout.com)
SecureScout is a trademark of NexantiS
All Rights Reserved
All products names referenced herein are trademarks of their respective companies

SecureScout products are certified:
CVE Compatible
SANS TOP 20 Compatible
CVSS Compatible (Common Vulnerability Scoring System)