Bug 1283137 - (CVE-2015-7503) CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding allows to recover RSA private key
CVE-2015-7503 php-ZendFramework2: Usage of vulnerable PKCS#1 v1.5 padding all...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20151123,repo...
: Security
Depends On: 1289319 1289317 1289318
Blocks: 1289320
  Show dependency treegraph
 
Reported: 2015-11-18 06:10 EST by Adam Mariš
Modified: 2015-12-07 15:54 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-11-18 06:10:53 EST
It was found that `Zend\Crypt\PublicKey\Rsa\PublicKey` has a call to `openssl_public_encrypt()`, which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, that can be used to recover an RSA private key.
Comment 1 Kurt Seifried 2015-12-07 15:50:31 EST
This is now public:

http://framework.zend.com/security/advisory/ZF2015-10
Comment 3 Kurt Seifried 2015-12-07 15:51:51 EST
Created php-ZendFramework2 tracking bugs for this issue:

Affects: fedora-all [bug 1289317]
Affects: epel-all [bug 1289318]

Note You need to log in before you can comment on or make changes to this bug.