Bug 1289841 (CVE-2015-7575, SLOTH)

Summary: CVE-2015-7575 TLS 1.2 Transcipt Collision attacks against MD5 in key exchange protocol (SLOTH)
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ahughes, bbaranow, bmaxwell, carnil, cdewolf, cperry, csutherl, dandread, darran.lofthouse, dknox, hkario, huzaifas, jason.greene, jawilson, jboss-set, jclere, jdoyle, ksrot, lgao, mbabacek, mjc, myarboro, nmavrogi, pgier, psakar, pslavice, pwouters, rrelyea, rsvoboda, security-response-team, slawomir, slong, szidek, tmraz, twalsh, vtunka, weli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 02:46:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1297310, 1289881, 1289882, 1289883, 1289884, 1289885, 1289886, 1289887, 1289888, 1289889, 1289890, 1289891, 1289892, 1296218, 1296219, 1296221    
Bug Blocks: 1289842, 1295699, 1298491    

Description Huzaifa S. Sidhpurwala 2015-12-09 06:46:45 UTC
A new class of transcript collision attacks on the use of MD5 in key exchange protocol was found in TLS 1.2. Due to several high-profile attacks against MD5, there is now consensus among certification authorities and software vendors to stop issuing and accepting new MD5 certificates. However MD5 continues to be supported in key exchange protocol for TLS 1.2 and also in IPSec and SSH-2. A almost-practical impersonation and downgrade attack was demostrated for IKEv2 and SSH-2 and also a concrete credential forwarding attack against TLS 1.2 client authentication.

Comment 1 Huzaifa S. Sidhpurwala 2015-12-09 06:56:56 UTC
It seems openssl already disables RSA+MD5, see:

https://github.com/openssl/openssl/commit/45473632c54947859a731dfe2db087c002ef7aa7

Comment 19 Huzaifa S. Sidhpurwala 2015-12-10 05:56:19 UTC
CVE-2015-7575 has been assigned to this issue.

Comment 24 Martin Prpič 2016-01-06 15:56:42 UTC
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1296221]

Comment 25 Martin Prpič 2016-01-06 15:56:52 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1296219]

Comment 26 Martin Prpič 2016-01-06 15:56:59 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1296218]

Comment 28 errata-xmlrpc 2016-01-07 17:23:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:0007 https://rhn.redhat.com/errata/RHSA-2016-0007.html

Comment 29 errata-xmlrpc 2016-01-08 01:26:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0012 https://rhn.redhat.com/errata/RHSA-2016-0012.html

Comment 30 errata-xmlrpc 2016-01-08 01:39:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0008 https://rhn.redhat.com/errata/RHSA-2016-0008.html

Comment 32 Tomas Hoger 2016-01-20 14:06:23 UTC
OpenJDK 8 upstream commit:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef

For Oracle Java SE, this was corrected in versions 7u95 and 8u71 via Oracle Critical Patch Update - January 2016:

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA

Comment 34 errata-xmlrpc 2016-01-20 19:14:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0050 https://rhn.redhat.com/errata/RHSA-2016-0050.html

Comment 35 errata-xmlrpc 2016-01-20 19:31:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0049 https://rhn.redhat.com/errata/RHSA-2016-0049.html

Comment 38 errata-xmlrpc 2016-01-21 11:39:34 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0056 https://rhn.redhat.com/errata/RHSA-2016-0056.html

Comment 39 errata-xmlrpc 2016-01-21 11:40:51 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0055 https://rhn.redhat.com/errata/RHSA-2016-0055.html

Comment 40 errata-xmlrpc 2016-01-21 11:42:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0053 https://rhn.redhat.com/errata/RHSA-2016-0053.html

Comment 41 errata-xmlrpc 2016-01-21 11:58:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2016:0054 https://rhn.redhat.com/errata/RHSA-2016-0054.html

Comment 43 Fedora Update System 2016-01-23 23:54:36 UTC
openssl101e-1.0.1e-6.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 44 errata-xmlrpc 2016-02-02 10:05:16 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0101 https://rhn.redhat.com/errata/RHSA-2016-0101.html

Comment 45 errata-xmlrpc 2016-02-02 10:06:41 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0100 https://rhn.redhat.com/errata/RHSA-2016-0100.html

Comment 46 errata-xmlrpc 2016-02-02 13:39:35 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7

Via RHSA-2016:0098 https://rhn.redhat.com/errata/RHSA-2016-0098.html

Comment 47 errata-xmlrpc 2016-02-02 13:53:29 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0099 https://rhn.redhat.com/errata/RHSA-2016-0099.html

Comment 52 errata-xmlrpc 2016-07-18 13:55:42 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.6
  Red Hat Satellite 5.7

Via RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430