Bug 1591100 (CVE-2018-0732)

Summary: CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bmaxwell, cdewolf, chazlett, csutherl, darran.lofthouse, dimitris, dmoppert, dosoudil, erik-fedora, fgavrilo, gzaronik, jawilson, jclere, jondruse, jorton, ktietz, lersek, lgao, marcandre.lureau, mbabacek, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, rjones, rnetuka, rstancel, rsvoboda, sardella, sstavrev, szidek, tmraz, twalsh, vtunka, weli, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssl 1.1.0i, openssl 1.0.2p Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:29:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1591102, 1591101, 1591806, 1599202    
Bug Blocks: 1591103    

Description Sam Fowler 2018-06-14 05:11:12 UTC
OpenSSL versions 1.1.0 to 1.1.0h and 1.0.2 to 1.0.2o allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.


External Reference:

https://www.openssl.org/news/secadv/20180612.txt


Upstream Patches:

https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098

Comment 1 Sam Fowler 2018-06-14 05:11:49 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1591102]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1591101]

Comment 8 Huzaifa S. Sidhpurwala 2018-07-09 08:23:57 UTC
Analysis:

This is essentially a client crash. When a client complied with openssl connects to a malicious server, the server can send a very large prime in a DHKE handshake. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. This flaw cannot be used to attack the openssl server.

Comment 9 errata-xmlrpc 2018-08-22 21:12:44 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Application Runtimes Node.js 8

Via RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552

Comment 10 errata-xmlrpc 2018-08-22 21:14:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Application Runtimes Node.js 10

Via RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553

Comment 11 errata-xmlrpc 2018-10-30 07:51:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221

Comment 12 Joshua Padman 2019-05-15 22:41:54 UTC
This vulnerability is out of security support scope for the following product:
 * Red Hat Enterprise Application Platform 5

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 13 errata-xmlrpc 2019-05-30 14:48:29 UTC
This issue has been addressed in the following products:

  JBoss Core Services Apache HTTP Server 2.4.29 SP2

Via RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1296

Comment 14 errata-xmlrpc 2019-05-30 14:57:12 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services on RHEL 6

Via RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1297

Comment 15 errata-xmlrpc 2019-06-18 19:09:09 UTC
This issue has been addressed in the following products:

  JBoss Core Services Apache HTTP Server 2.4.29 SP2

Via RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543