oss-sec mailing list archives
Re: CVE request: MatrixSSL lack of RSA-CRT hardening
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 29 Jun 2016 09:08:49 +0200
On Mon, 27 Jun 2016 08:08:14 +0200 Florian Weimer <fw () deneb enyo de> wrote:
(There are some other changes whose description suggests they would warrant CVE assignment as well, but I have not looked at those.)
This (from CHANGES.md) seems notable and probably deserves a CVE: ------------- ##Side Channel Vulnerability on RSA Cipher Suites A Bleichenbacher variant attack, where certain information is leaked from the results of a RSA private key operation has been reported by a security researcher. The code has been updated to error without providing any information on the premaster contents.
Note that other side channel attacks may still be possible as MatrixSSL non-FIPS crypto is not always constant-time.
------------- This also: ------------- ##Access Violation on Malicious TLS Record TLS cipher suites with CBC mode in TLS 1.1 and 1.2 could have an access violation (read beyond memory) with a maliciously crafted message. ------------- This is probably the same bug as described here: https://web-in-security.blogspot.no/2016/05/curious-padding-oracle-in-openssl-cve.html Quote ------------- OpenSSL is not alone. I found a similar problem in the MatrixSSL library, see https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md. In that case, unfortunately, a bad patch of Lucky 13 lead even to a buffer overread vulnerability. ------------- -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE request: MatrixSSL lack of RSA-CRT hardening Florian Weimer (Jun 26)
- Re: CVE request: MatrixSSL lack of RSA-CRT hardening Hanno Böck (Jun 29)