Red Hat Bugzilla – Bug 1015946
CVE-2013-5915 polarssl: Information disclosure of RSA private keys
Last modified: 2015-08-19 04:19:24 EDT
PolarSSL's RSA implementation was found to have a bias in its Montgomery multiplication. This bias can be used to mount a timing attack on the RSA private key.
A third party that can send arbitrary handshake messages to the server can, if the attack is executed correctly, recover the entire RSA private key after sending a large number of attack messages and measuring the resulting timing differences.
The known workaround is to disable CRT (#define POLARSSL_RSA_NO_CRT in config.h). The code will be much slower but is unaffected by this attack; the preferred fix is to upgrade to 1.2.9 or 1.3.0.
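A small check script, added here as an example and not part of the bug report or of the PolarSSL project: it decides whether a given PolarSSL build still needs action for this issue, either because its version predates the fix or because the POLARSSL_RSA_NO_CRT workaround is not actually active in config.h (a commented-out define, as PolarSSL's config.h ships many of, does not count). It assumes the affected range is everything older than 1.2.9 (inferred from the fix versions named above), relies on GNU `sort -V` for version ordering, calls `rpm` only if it is installed, and assumes the header path /usr/include/polarssl/config.h for the stand-alone run; the config.h contents used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the bug or from PolarSSL.
# Assumption: anything that sorts below 1.2.9 is affected (the bug names 1.2.9
# and 1.3.0 as the fixed releases); version ordering uses GNU `sort -V`.

FIXED_VERSION=1.2.9

# affected VERSION -> returns 0 when VERSION is older than the first fixed release.
affected() {
    ver=$1
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# crt_disabled CONFIG_H -> returns 0 when the build really disables RSA-CRT,
# i.e. config.h carries an active `#define POLARSSL_RSA_NO_CRT`.  Lines such as
# `//#define POLARSSL_RSA_NO_CRT` or `/* #define ... */` are still disabled.
crt_disabled() {
    grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+POLARSSL_RSA_NO_CRT([[:space:]]|$)' "$1"
}

# needs_action VERSION CONFIG_H -> returns 0 (and prints why) when the build is
# an affected version and the workaround is not applied; returns 1 otherwise.
needs_action() {
    if ! affected "$1"; then
        echo "polarssl $1: fixed release, no action needed"
        return 1
    fi
    if [ -r "$2" ] && crt_disabled "$2"; then
        echo "polarssl $1: affected version, but POLARSSL_RSA_NO_CRT is active in $2 (slower RSA, attack mitigated)"
        return 1
    fi
    echo "polarssl $1: AFFECTED; upgrade to 1.2.9/1.3.0 or define POLARSSL_RSA_NO_CRT in config.h"
    return 0
}

# installed_version -> version of the packaged polarssl on an RPM-based system,
# empty when rpm is absent or the package is not installed.
installed_version() {
    rpm -q --qf '%{VERSION}\n' polarssl 2>/dev/null | head -n 1
}

# Stand-alone demo on a constructed config.h that only has the define commented
# out, the state PolarSSL ships by default.
demo_config=$(mktemp)
printf '#define POLARSSL_CONFIG_H\n//#define POLARSSL_RSA_NO_CRT\n' > "$demo_config"
needs_action 1.2.8 "$demo_config" || true    # affected, workaround not active
needs_action 1.2.10 "$demo_config" || true   # fixed release
rm -f "$demo_config"

# Then the locally installed package, if any (header path is an assumption).
v=$(installed_version)
if [ -n "$v" ]; then
    needs_action "$v" /usr/include/polarssl/config.h || true
fi
```

On a system where the header is not installed, `needs_action` cannot see the workaround and reports an affected version as needing action, which is the safe default; point the second argument at the config.h the library was actually built from if that differs from the packaged one.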
Created polarssl tracking bugs for this issue:
Affects: fedora-all [bug 1015947]
Further improved in 1.2.10 to make it thread-safe:
All fedora versions already had 1.2.9 in testing when this was filed. It would be nice if your automatic tools were a bit smarter.
polarssl-1.2.10-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
polarssl-1.2.10-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.