Bug 1520400 (CVE-2017-1000385)

Summary: CVE-2017-1000385 erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: apevec, chrisw, cpelland, dajohnso, gblomqui, gmccullo, grocha, gtanzill, hhudgeon, jeckersb, jfrey, jhardy, jjoyce, jprause, jschluet, kbasil, lemenkov, lhh, lpeer, markmc, mburns, obarenbo, plemenko, rbryant, rhbugs, rjones, roliveri, sclewis, simaishi, slinaber, s, tdecacqu
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: erlang 20.1.7 Doc Type: If docs needed, set a value
Doc Text:
An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:32:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1520401, 1525246, 1525247, 1525248, 1525249, 1526524, 1526525    
Bug Blocks: 1520468    

Description Adam Mariš 2017-12-04 12:35:00 UTC 
An erlang TLS server configured with cipher suites using rsa key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself.

References:

https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
Comment 1 Adam Mariš 2017-12-04 12:35:19 UTC 
Created erlang tracking bugs for this issue:

Affects: fedora-all [bug 1520401]
Comment 5 Gabriel Rocha 2017-12-13 09:48:41 UTC 
This is not high touch. As per IRC discussion earlier with Garth, making this high touch adds no value to anything.
Comment 8 errata-xmlrpc 2018-01-30 19:53:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 12.0 (Pike)

Via RHSA-2018:0242 https://access.redhat.com/errata/RHSA-2018:0242
Comment 9 errata-xmlrpc 2018-02-13 16:14:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 11.0 (Ocata)

Via RHSA-2018:0303 https://access.redhat.com/errata/RHSA-2018:0303
Comment 10 errata-xmlrpc 2018-02-27 16:22:37 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2018:0368 https://access.redhat.com/errata/RHSA-2018:0368
Comment 11 errata-xmlrpc 2018-03-15 12:34:29 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2018:0528 https://access.redhat.com/errata/RHSA-2018:0528
Comment 12 Kurt Seifried 2018-03-20 18:28:31 UTC 
Statement:

This issue affects the versions of erlang as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.