Bug 705187 (CVE-2011-1923)

Summary: CVE-2011-1923 polarssl: man-in-the-middle during Diffie Hellman key exchange
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
Severity: medium
Priority: medium
Version: unspecified
CC: mads
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-05-20 15:54:50 UTC
Bug Depends On: 705188

Description Vincent Danen 2011-05-16 21:57:50 UTC
PolarSSL security advisory 2011-01 [1] indicates that it is possible for an attacker to perform a man-in-the-middle attack during the Diffie Hellman key exchange, forcing the calculation of a fully predictable Diffie Hellman secret.

The upstream advisory has a patch, and this is also corrected in version 0.14.2.

[1] http://polarssl.org/trac/wiki/SecurityAdvisory201101
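
The report above does not spell out the mechanism, so the following is an added illustration, not PolarSSL code and not the patch from the advisory. It assumes the flaw is a missing range check on the peer's Diffie-Hellman public value, and shows why a substituted value of 0, 1 or p-1 makes the shared secret predictable and how a check for 2 <= y <= p-2 rejects it. All names and the toy parameters (p = 2^31 - 1, g = 7) are constructed for the example and are far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group: p = 2^31 - 1 (prime), g = 7. Not for real use. */
#define DH_P 2147483647ULL
#define DH_G 7ULL

/* Square-and-multiply; operands stay below 2^31, so products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) r = (r * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return r;
}

/* Hypothetical helper: accept a peer public value only if 2 <= y <= p - 2. */
static int dh_public_in_range(uint64_t y, uint64_t p)
{
    return y >= 2 && y <= p - 2;
}

/* Unchecked: derives a secret from whatever value arrived on the wire. */
static uint64_t dh_secret_unchecked(uint64_t peer_pub, uint64_t priv, uint64_t p)
{
    return modexp(peer_pub, priv, p);
}

/* Checked: returns 0 and writes the secret, or -1 if the peer value is rejected. */
static int dh_secret_checked(uint64_t peer_pub, uint64_t priv, uint64_t p, uint64_t *out)
{
    if (!dh_public_in_range(peer_pub, p)) return -1;
    *out = modexp(peer_pub, priv, p);
    return 0;
}

int main(void)
{
    uint64_t priv = 123456789ULL, s = 0;          /* constructed private exponent */
    uint64_t wire[] = { 0, 1, DH_P - 1, DH_P };   /* values a man-in-the-middle could substitute */
    for (int i = 0; i < 4; i++)
        printf("y=%llu unchecked_secret=%llu checked_rc=%d\n",
               (unsigned long long)wire[i],
               (unsigned long long)dh_secret_unchecked(wire[i], priv, DH_P),
               dh_secret_checked(wire[i], priv, DH_P, &s));
    return 0;
}
```

With these degenerate inputs the unchecked secret is 0, 1 or p-1 regardless of the private exponent, while an honestly generated public value passes the range check and both sides still agree on the secret.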

Comment 1 Vincent Danen 2011-05-16 22:00:04 UTC
Created polarssl tracking bugs for this issue

Affects: fedora-all [bug 705188]

Comment 2 Mads Kiilerich 2011-05-16 22:26:20 UTC
I am quite sure this is the bug in 0.14.0 that was fixed in 0.14.1 (which included a change that was slightly different from the one in the advisory and was named dhm_verifypub).

Vincent, do you think anything else remains to be done?

I will update to 0.14.2 ASAP but as an ordinary update.

Comment 3 Vincent Danen 2011-05-17 14:32:12 UTC
The upstream advisory is a bit confusing.  It does indeed say 0.14.0 and earlier is vulnerable, has the patch applicable to 0.14.0, but says to upgrade to 0.14.2.  It doesn't mention 0.14.1 at all.  I'm not sure what that means.

If the patch in question was applied to 0.14.1 (unstable release perhaps?) and that is what we currently provide, then I'm ok with it being a normal update.  Was the only difference that they changed the function name from 0.14.1 to 0.14.2?

Thanks.

Comment 4 Vincent Danen 2011-05-17 23:42:17 UTC
This was assigned CVE-2011-1923.

Comment 5 Mads Kiilerich 2011-05-18 08:47:16 UTC
http://polarssl.org/news says about 0.14.2:
The original releases that included the security fix (0.14.1 and 0.99-pre2) have been revoked due to possible copyright issues.

Comment 6 Vincent Danen 2011-05-20 15:54:50 UTC
Ahhh, thanks for that confirmation.  I'll close these bugs then as they've been dealt with and are current in Fedora now (the fixed 0.14.1).  Thanks!