Bug 1289841 (CVE-2015-7575, SLOTH) - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
Summary: CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-7575, SLOTH
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1289881 1289882 1289883 1289884 1289885 1289886 1289887 1289888 1289889 1289890 1289891 1289892 1296218 1296219 1296221 1297310
Blocks: 1289842 1295699 1298491
Reported: 2015-12-09 06:46 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-17 04:38 UTC (History)
CC List: 37 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:46:17 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0007 0 normal SHIPPED_LIVE Moderate: nss security update 2016-01-07 22:21:07 UTC
Red Hat Product Errata RHSA-2016:0008 0 normal SHIPPED_LIVE Moderate: openssl security update 2016-01-08 06:39:04 UTC
Red Hat Product Errata RHSA-2016:0012 0 normal SHIPPED_LIVE Moderate: gnutls security update 2016-01-08 06:26:21 UTC
Red Hat Product Errata RHSA-2016:0049 0 normal SHIPPED_LIVE Critical: java-1.8.0-openjdk security update 2016-01-21 00:30:34 UTC
Red Hat Product Errata RHSA-2016:0050 0 normal SHIPPED_LIVE Important: java-1.8.0-openjdk security update 2016-01-21 00:14:13 UTC
Red Hat Product Errata RHSA-2016:0053 0 normal SHIPPED_LIVE Critical: java-1.7.0-openjdk security update 2016-01-21 16:39:02 UTC
Red Hat Product Errata RHSA-2016:0054 0 normal SHIPPED_LIVE Important: java-1.7.0-openjdk security update 2016-01-21 16:54:56 UTC
Red Hat Product Errata RHSA-2016:0055 0 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-15 03:12:59 UTC
Red Hat Product Errata RHSA-2016:0056 0 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2017-12-15 15:31:39 UTC
Red Hat Product Errata RHSA-2016:0098 0 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2016-02-02 18:39:03 UTC
Red Hat Product Errata RHSA-2016:0099 0 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2016-02-02 18:52:52 UTC
Red Hat Product Errata RHSA-2016:0100 0 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2016-02-02 15:04:39 UTC
Red Hat Product Errata RHSA-2016:0101 0 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2016-02-02 15:00:49 UTC
Red Hat Product Errata RHSA-2016:1430 0 normal SHIPPED_LIVE Moderate: java-1.7.0-ibm and java-1.7.1-ibm security update 2016-07-18 17:51:35 UTC

Description Huzaifa S. Sidhpurwala 2015-12-09 06:46:45 UTC
A new class of transcript collision attacks on the use of MD5 in key exchange protocol was found in TLS 1.2. Due to several high-profile attacks against MD5, there is now consensus among certification authorities and software vendors to stop issuing and accepting new MD5 certificates. However, MD5 continues to be supported in key exchange protocol for TLS 1.2 and also in IPSec and SSH-2. An almost-practical impersonation and downgrade attack was demonstrated for IKEv2 and SSH-2, and also a concrete credential forwarding attack against TLS 1.2 client authentication.
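The fix shipped in the errata above amounts to refusing MD5 in the TLS 1.2 signature_algorithms negotiation. The following is an added example, not code from this bug or from any of the affected libraries: it parses a signature_algorithms extension body in the RFC 5246 wire format, filters out MD5-based pairs, and applies the client-side check that a server's ServerKeyExchange signature algorithm was actually offered and is not MD5. The sample extension bytes are constructed for the demonstration.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm registry values (RFC 5246 7.4.1.4.1)
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
MD5 = 1

def parse_signature_algorithms(body):
    """Parse a signature_algorithms extension body (uint16 length followed by
    that many bytes of 2-byte hash/signature pairs) into (hash, sig) tuples."""
    if len(body) < 2:
        raise ValueError("truncated signature_algorithms extension")
    (length,) = struct.unpack("!H", body[:2])
    if length % 2 or len(body) != 2 + length:
        raise ValueError("signature_algorithms length does not match body")
    pairs = body[2:]
    return [(pairs[i], pairs[i + 1]) for i in range(0, length, 2)]

def strip_md5(algs):
    """Drop every MD5-based pair; this is the effect of disabling RSA+MD5 in a
    TLS library on the list it advertises or accepts."""
    return [(h, s) for h, s in algs if h != MD5]

def encode_signature_algorithms(algs):
    """Inverse of parse_signature_algorithms, for re-emitting a filtered list."""
    pairs = b"".join(bytes([h, s]) for h, s in algs)
    return struct.pack("!H", len(pairs)) + pairs

def describe(algs):
    return ["%s+%s" % (HASH_NAMES.get(h, h), SIG_NAMES.get(s, s)) for h, s in algs]

def accept_server_signature(hash_alg, sig_alg, offered):
    """Client-side policy for the SignatureAndHashAlgorithm a server puts on
    ServerKeyExchange: it must be one the client offered and must not be MD5,
    so a man-in-the-middle cannot steer the handshake onto an MD5 signature."""
    return hash_alg != MD5 and (hash_alg, sig_alg) in offered

# Constructed sample ClientHello extension body offering four algorithms,
# including the md5+rsa pair that the SLOTH fix removes.
SAMPLE_BODY = bytes.fromhex("0008" "0401" "0101" "0201" "0403")

if __name__ == "__main__":
    offered = parse_signature_algorithms(SAMPLE_BODY)
    print("offered:", describe(offered))
    print("hardened:", describe(strip_md5(offered)))
    print("md5+rsa accepted?", accept_server_signature(MD5, 1, offered))
```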

Comment 1 Huzaifa S. Sidhpurwala 2015-12-09 06:56:56 UTC
It seems openssl already disables RSA+MD5, see:

https://github.com/openssl/openssl/commit/45473632c54947859a731dfe2db087c002ef7aa7

Comment 19 Huzaifa S. Sidhpurwala 2015-12-10 05:56:19 UTC
CVE-2015-7575 has been assigned to this issue.

Comment 24 Martin Prpič 2016-01-06 15:56:42 UTC
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1296221]

Comment 25 Martin Prpič 2016-01-06 15:56:52 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1296219]

Comment 26 Martin Prpič 2016-01-06 15:56:59 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1296218]

Comment 28 errata-xmlrpc 2016-01-07 17:23:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:0007 https://rhn.redhat.com/errata/RHSA-2016-0007.html

Comment 29 errata-xmlrpc 2016-01-08 01:26:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0012 https://rhn.redhat.com/errata/RHSA-2016-0012.html

Comment 30 errata-xmlrpc 2016-01-08 01:39:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0008 https://rhn.redhat.com/errata/RHSA-2016-0008.html

Comment 32 Tomas Hoger 2016-01-20 14:06:23 UTC
OpenJDK 8 upstream commit:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef

For Oracle Java SE, this was corrected in versions 7u95 and 8u71 via Oracle Critical Patch Update - January 2016:

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA

Comment 34 errata-xmlrpc 2016-01-20 19:14:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0050 https://rhn.redhat.com/errata/RHSA-2016-0050.html

Comment 35 errata-xmlrpc 2016-01-20 19:31:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0049 https://rhn.redhat.com/errata/RHSA-2016-0049.html

Comment 38 errata-xmlrpc 2016-01-21 11:39:34 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0056 https://rhn.redhat.com/errata/RHSA-2016-0056.html

Comment 39 errata-xmlrpc 2016-01-21 11:40:51 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0055 https://rhn.redhat.com/errata/RHSA-2016-0055.html

Comment 40 errata-xmlrpc 2016-01-21 11:42:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0053 https://rhn.redhat.com/errata/RHSA-2016-0053.html

Comment 41 errata-xmlrpc 2016-01-21 11:58:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2016:0054 https://rhn.redhat.com/errata/RHSA-2016-0054.html

Comment 43 Fedora Update System 2016-01-23 23:54:36 UTC
openssl101e-1.0.1e-6.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 44 errata-xmlrpc 2016-02-02 10:05:16 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0101 https://rhn.redhat.com/errata/RHSA-2016-0101.html

Comment 45 errata-xmlrpc 2016-02-02 10:06:41 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0100 https://rhn.redhat.com/errata/RHSA-2016-0100.html

Comment 46 errata-xmlrpc 2016-02-02 13:39:35 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7

Via RHSA-2016:0098 https://rhn.redhat.com/errata/RHSA-2016-0098.html

Comment 47 errata-xmlrpc 2016-02-02 13:53:29 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0099 https://rhn.redhat.com/errata/RHSA-2016-0099.html

Comment 52 errata-xmlrpc 2016-07-18 13:55:42 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.6
  Red Hat Satellite 5.7

Via RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430

