Bug 857737 (CVE-2012-4930)

Summary: CVE-2012-4930 SPDY: SSL/TLS CRIME attack
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gecko-bugs-nobody, huzaifas, jhorak, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: public=20120913,reported=20120907,source=internet,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-5/firefox=notaffected,rhel-6/firefox=notaffected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-09-16 12:51:41 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 855407    

Description Tomas Hoger 2012-09-16 12:44:28 EDT
CVE-2012-4930 was assigned to the following issue:

The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown
string in an HTTP header, aka a "CRIME" attack.

References:

http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://www.ekoparty.org/2012/thai-duong.php
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
Comment 1 Tomas Hoger 2012-09-16 12:51:41 EDT
Reporters of the CRIME attack have published two variants of the attack:

- SSL/TLS connection with zlib compression - that issue got CVE-2012-4929 and is tracked via bug 857051
- SPDY protocol with header compression used over SSL/TLS connection without zlib compression, tracked via this bug

Bug 857051 already contains additional information and links regarding the CRIME attack.  It also notes (in bug 857051, comment 4) that Mozilla Firefox versions shipped with Red Hat Enterprise Linux 5 and 6 do not support SPDY protocol, and are therefore unaffected by the SPDY attack vector.

Statement:

Not vulnerable. This issue did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include SPDY protocol support.
Comment 2 Tomas Hoger 2012-09-24 03:41:27 EDT
*** Bug 859827 has been marked as a duplicate of this bug. ***
Comment 3 Tomas Hoger 2012-09-24 12:25:24 EDT
Adam Langley's (Google developer working on Chrome) blog post explaining some details of the attack, change that was applied to block SPDY attack variant (SPDY compression was disabled in Firefox 15 and Chrome 21), and some changes planned for future SPDY versions that would allow re-enabling header compression without re-introducing this problem.

http://www.imperialviolet.org/2012/09/21/crime.html