Bug 1283137 (CVE-2015-7503)

Summary: CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: high
Priority: high
Version: unspecified
CC: ccoleman, dmcphers, jialiu, joelsmith, jokerman, lmeyer, mmccomas, security-response-team
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2020-05-20 21:15:37 UTC
Bug Depends On: 1289317, 1289318, 1289319
Bug Blocks: 1289320

Description Adam Mariš 2015-11-18 11:10:53 UTC
It was found that `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to `openssl_public_encrypt()`, which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, Bleichenbacher's chosen-ciphertext attack, that can be used to recover an RSA private key.
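
The padding default described in the report, shown next to an explicit OAEP call. This is an added PHP example, not Zend Framework code and not part of the original bug; the helper names `encryptOaep` and `decryptOaep`, the throwaway key pair and the sample message are constructed for illustration.

```php
<?php
// Added example, not Zend Framework code. Helper names are hypothetical.
declare(strict_types=1);

// Encrypt with an explicit OAEP padding argument instead of PHP's default.
function encryptOaep(string $plaintext, string $publicKeyPem): string
{
    if (!openssl_public_encrypt($plaintext, $ciphertext, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('OAEP encryption failed: ' . openssl_error_string());
    }
    return $ciphertext;
}

// Decrypt accepting OAEP only; returns null for input that is not valid OAEP,
// so a caller cannot silently fall back to PKCS#1 v1.5.
function decryptOaep(string $ciphertext, string $privateKeyPem): ?string
{
    $ok = openssl_private_decrypt($ciphertext, $plaintext, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING);
    return $ok ? $plaintext : null;
}

// Constructed throwaway 2048-bit key pair for the demonstration.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
openssl_pkey_export($key, $privatePem);
$publicPem = openssl_pkey_get_details($key)['key'];

$message = 'constructed sample message';

// The call shape the report describes: no fourth argument, so $padding
// falls back to OPENSSL_PKCS1_PADDING (PKCS#1 v1.5).
openssl_public_encrypt($message, $legacyCiphertext, $publicPem);

// The same message with the padding stated explicitly.
$oaepCiphertext = encryptOaep($message, $publicPem);

// Round trip through the OAEP-only helpers.
echo 'OAEP round trip matches: ';
var_dump(decryptOaep($oaepCiphertext, $privatePem) === $message);

// Feed the v1.5 ciphertext to the OAEP-only decrypt to see how it is handled.
echo 'v1.5 ciphertext via OAEP-only decrypt: ';
var_dump(decryptOaep($legacyCiphertext, $privatePem));
```

Both sides have to pass the padding constant: a ciphertext produced with the default argument does not decrypt under `OPENSSL_PKCS1_OAEP_PADDING`, so switching only the decrypting side breaks existing senders.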

Comment 1 Kurt Seifried 2015-12-07 20:50:31 UTC
This is now public:

http://framework.zend.com/security/advisory/ZF2015-10

Comment 3 Kurt Seifried 2015-12-07 20:51:51 UTC
Created php-ZendFramework2 tracking bugs for this issue:

Affects: fedora-all [bug 1289317]
Affects: epel-all [bug 1289318]

Comment 4 Product Security DevOps Team 2020-05-20 21:15:37 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.