Bug 660650 (CVE-2008-7270)

Summary: CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack
Product: [Other] Security Response
Component: vulnerability
Reporter: Tomas Hoger <thoger>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: mvadkert, tmraz
Keywords: Security
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-05-02 16:58:27 UTC
Bug Depends On: 659763, 659764, 659771, 659775

Description Tomas Hoger 2010-12-07 13:47:51 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-7270 to the following vulnerability:

OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a different vulnerability than CVE-2010-4180.

References:
http://cvs.openssl.org/chngview?cn=17489
https://bugzilla.redhat.com/show_bug.cgi?id=659462

Comment 1 Tomas Hoger 2010-12-07 13:53:17 UTC
(In reply to comment #0)
> a different vulnerability than CVE-2010-4180.

While the CVE description lists these vulnerabilities as different, they are related. The use of SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG gives an attacker the possibility to change the ciphersuite in the stored session (CVE-2010-4180). The impact of that flaw is greater in pre-0.9.8j versions, as the session ciphersuite can be changed to one of those that are not enabled on the server side (CVE-2008-7270). See bug #659462, comment #0 for the details.
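
The relationship between the two CVEs described above, as an added example that is not part of the original bug report and is not OpenSSL's code: a simplified model of which ciphersuite ends up in a resumed session, plus an audit helper for a build/option pair. The struct, the function names and the "cached suite is kept when a disabled one is requested" behaviour are assumptions of the model; the two constants are the values from OpenSSL 0.9.8-era headers.

```c
#include <stddef.h>
#include <string.h>

#define REUSE_CIPHER_CHANGE_BUG 0x00000008UL /* SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */
#define VERSION_0_9_8J          0x009080afUL /* OPENSSL_VERSION_NUMBER of 0.9.8j */

/* Hypothetical model type; not an OpenSSL structure. */
struct server {
    unsigned long version;      /* OPENSSL_VERSION_NUMBER-style value */
    unsigned long options;      /* SSL_CTX option mask */
    const char *const *enabled; /* ciphersuites the server allows */
    size_t n_enabled;
};

static int is_enabled(const struct server *s, const char *cipher)
{
    for (size_t i = 0; i < s->n_enabled; i++)
        if (strcmp(s->enabled[i], cipher) == 0)
            return 1;
    return 0;
}

/* Ciphersuite in effect after a session cached with `cached` is resumed
 * by a hello that names `requested` instead. */
const char *resume_cipher(const struct server *s, const char *cached,
                          const char *requested)
{
    if (!(s->options & REUSE_CIPHER_CHANGE_BUG))
        return cached;    /* workaround off: cached suite is not rewritten */
    if (s->version < VERSION_0_9_8J)
        return requested; /* CVE-2008-7270: enabled list is not consulted */
    /* 0.9.8j and later: change limited to enabled suites (CVE-2010-4180).
     * Model assumption: a disabled request leaves the cached suite alone. */
    return is_enabled(s, requested) ? requested : cached;
}

/* 0 = option not set; 1 = option set, change limited to enabled suites
 * (check the CVE-2010-4180 errata for the build); 2 = option set on a
 * pre-0.9.8j build, disabled suites reachable (CVE-2008-7270). */
int exposure(const struct server *s)
{
    if (!(s->options & REUSE_CIPHER_CHANGE_BUG))
        return 0;
    return s->version < VERSION_0_9_8J ? 2 : 1;
}
```

A result of 1 only says the option is set; whether a given build carries the CVE-2010-4180 fix has to be read from the errata, since this page does not give that version.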

Comment 2 errata-xmlrpc 2010-12-13 18:15:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0977 https://rhn.redhat.com/errata/RHSA-2010-0977.html

Comment 3 errata-xmlrpc 2010-12-13 18:35:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0978 https://rhn.redhat.com/errata/RHSA-2010-0978.html

Comment 4 errata-xmlrpc 2011-06-22 23:16:56 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Web Server 1.0

Via RHSA-2011:0896 https://rhn.redhat.com/errata/RHSA-2011-0896.html