Bug 1289841 (CVE-2015-7575, SLOTH) - CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)
Summary: CVE-2015-7575 TLS 1.2 Transcript Collision attacks against MD5 in key exchange...
Status: NEW
Alias: CVE-2015-7575, SLOTH
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160106,repor...
Keywords: Security
Depends On: 1297310 1289881 1289882 1289883 1289884 1289885 1289886 1289887 1289888 1289889 1289890 1289891 1289892 1296218 1296219 1296221
Blocks: 1289842 1295699 1298491
 
Reported: 2015-12-09 06:46 UTC by Huzaifa S. Sidhpurwala
Modified: 2018-10-31 22:45 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0007 normal SHIPPED_LIVE Moderate: nss security update 2016-01-07 22:21:07 UTC
Red Hat Product Errata RHSA-2016:0008 normal SHIPPED_LIVE Moderate: openssl security update 2016-01-08 06:39:04 UTC
Red Hat Product Errata RHSA-2016:0012 normal SHIPPED_LIVE Moderate: gnutls security update 2016-01-08 06:26:21 UTC
Red Hat Product Errata RHSA-2016:0049 normal SHIPPED_LIVE Critical: java-1.8.0-openjdk security update 2016-01-21 00:30:34 UTC
Red Hat Product Errata RHSA-2016:0050 normal SHIPPED_LIVE Important: java-1.8.0-openjdk security update 2016-01-21 00:14:13 UTC
Red Hat Product Errata RHSA-2016:0053 normal SHIPPED_LIVE Critical: java-1.7.0-openjdk security update 2016-01-21 16:39:02 UTC
Red Hat Product Errata RHSA-2016:0054 normal SHIPPED_LIVE Important: java-1.7.0-openjdk security update 2016-01-21 16:54:56 UTC
Red Hat Product Errata RHSA-2016:0055 normal SHIPPED_LIVE Critical: java-1.8.0-oracle security update 2017-12-15 03:12:59 UTC
Red Hat Product Errata RHSA-2016:0056 normal SHIPPED_LIVE Critical: java-1.7.0-oracle security update 2017-12-15 15:31:39 UTC
Red Hat Product Errata RHSA-2016:0098 normal SHIPPED_LIVE Critical: java-1.8.0-ibm security update 2016-02-02 18:39:03 UTC
Red Hat Product Errata RHSA-2016:0099 normal SHIPPED_LIVE Critical: java-1.7.1-ibm security update 2016-02-02 18:52:52 UTC
Red Hat Product Errata RHSA-2016:0100 normal SHIPPED_LIVE Critical: java-1.7.0-ibm security update 2016-02-02 15:04:39 UTC
Red Hat Product Errata RHSA-2016:0101 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2016-02-02 15:00:49 UTC
Red Hat Product Errata RHSA-2016:1430 normal SHIPPED_LIVE Moderate: java-1.7.0-ibm and java-1.7.1-ibm security update 2016-07-18 17:51:35 UTC

Description Huzaifa S. Sidhpurwala 2015-12-09 06:46:45 UTC
A new class of transcript collision attacks on the use of MD5 in key exchange protocol was found in TLS 1.2. Due to several high-profile attacks against MD5, there is now consensus among certification authorities and software vendors to stop issuing and accepting new MD5 certificates. However MD5 continues to be supported in key exchange protocol for TLS 1.2 and also in IPSec and SSH-2. An almost-practical impersonation and downgrade attack was demonstrated for IKEv2 and SSH-2 and also a concrete credential forwarding attack against TLS 1.2 client authentication.
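
The flaw described above hinges on TLS 1.2's SignatureAndHashAlgorithm negotiation (RFC 5246 section 7.4.1.4.1): a client that lists md5 in its signature_algorithms extension, or a peer that accepts an MD5-signed ServerKeyExchange, is exposed to the transcript collision. The following Python is an added example, not code from this bug report or from OpenSSL, NSS, GnuTLS or OpenJDK. It shows the two defensive checks the fixes amount to: stripping MD5 from the list an endpoint advertises, and refusing a ServerKeyExchange whose signature algorithm uses MD5 (or was never offered) before any signature verification is attempted. The handshake bytes, curve parameters and signature values are constructed placeholders, not captured traffic, and the code does not verify the signature itself.

```python
# Added example: policy checks on TLS 1.2 SignatureAndHashAlgorithm values.
# Field layout follows RFC 5246 section 7.4.1.4.1 and, for the ECDHE
# ServerKeyExchange, RFC 4492.  All sample bytes below are constructed.

HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# Hash identifiers a hardened endpoint neither advertises nor accepts.
# md5 (1) is the SLOTH case; none (0) is never valid for a TLS 1.2 signature.
FORBIDDEN_HASHES = frozenset({0, 1})


def parse_signature_algorithms(ext_data):
    """Parse a signature_algorithms extension body into (hash, sig) pairs.

    Layout: 2-byte big-endian length, then that many bytes of one-byte
    HashAlgorithm / one-byte SignatureAlgorithm pairs.
    """
    if len(ext_data) < 2:
        raise ValueError("extension body shorter than its length field")
    n = int.from_bytes(ext_data[:2], "big")
    if n % 2 or len(ext_data) != 2 + n:
        raise ValueError("signature_algorithms length does not match body")
    return [(ext_data[i], ext_data[i + 1]) for i in range(2, 2 + n, 2)]


def encode_signature_algorithms(pairs):
    """Inverse of parse_signature_algorithms."""
    body = b"".join(bytes((h, s)) for h, s in pairs)
    return len(body).to_bytes(2, "big") + body


def strip_forbidden(ext_data, forbidden=FORBIDDEN_HASHES):
    """Rebuild the extension without forbidden hashes.

    This is the client-side half of the fix: an endpoint that never
    advertises md5 cannot be steered into an MD5-signed exchange.
    """
    kept = [(h, s) for h, s in parse_signature_algorithms(ext_data)
            if h not in forbidden]
    return encode_signature_algorithms(kept)


def names(pair):
    h, s = pair
    return f"{HASH_NAMES.get(h, h)}/{SIG_NAMES.get(s, s)}"


def check_server_key_exchange(ske_body, params_len, offered,
                              forbidden=FORBIDDEN_HASHES):
    """Policy check on a ServerKeyExchange before signature verification.

    ske_body  : handshake body (params, then SignatureAndHashAlgorithm,
                then 2-byte signature length and the signature)
    params_len: length of the key-exchange params the caller already parsed
    offered   : pairs this client sent in its own signature_algorithms
    Returns (accepted, reason).  A forbidden hash is rejected even if the
    client mistakenly offered it, so the check does not depend on the
    advertised list being clean.
    """
    if len(ske_body) < params_len + 4:
        raise ValueError("truncated ServerKeyExchange")
    h, s = ske_body[params_len], ske_body[params_len + 1]
    sig_len = int.from_bytes(ske_body[params_len + 2:params_len + 4], "big")
    if len(ske_body) != params_len + 4 + sig_len:
        raise ValueError("signature length does not match message")
    if h in forbidden:
        return False, f"server signed with {HASH_NAMES.get(h, h)}"
    if (h, s) not in offered:
        return False, f"{names((h, s))} was not offered by the client"
    return True, names((h, s))


# Constructed client list: sha256/rsa, sha1/rsa, md5/rsa, sha256/ecdsa.
CLIENT_SIGALGS = bytes.fromhex("0008" "0401" "0201" "0101" "0403")

# Constructed ECDHE params: named_curve (3), secp256r1 (0x0017), then a
# 4-byte placeholder "public key" (not a real curve point).
SKE_PARAMS = bytes.fromhex("03" "0017" "04" "aabbccdd")
# Same params signed with md5/rsa and with sha256/rsa; placeholder signatures.
SKE_MD5 = SKE_PARAMS + bytes.fromhex("0101" "0004" "deadbeef")
SKE_SHA256 = SKE_PARAMS + bytes.fromhex("0401" "0004" "deadbeef")

if __name__ == "__main__":
    offered = parse_signature_algorithms(CLIENT_SIGALGS)
    print("offered:  ", [names(p) for p in offered])
    print("sanitized:", strip_forbidden(CLIENT_SIGALGS).hex())
    for ske in (SKE_MD5, SKE_SHA256):
        print(check_server_key_exchange(ske, len(SKE_PARAMS), offered))
```

Running the script rejects the MD5-signed message with "server signed with md5" and accepts the SHA-256 one; the same rejection holds whether the client's list was sanitized or not, which is the property worth keeping when auditing a TLS stack against this bug.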

Comment 1 Huzaifa S. Sidhpurwala 2015-12-09 06:56:56 UTC
It seems openssl already disables RSA+MD5, see:

https://github.com/openssl/openssl/commit/45473632c54947859a731dfe2db087c002ef7aa7

Comment 19 Huzaifa S. Sidhpurwala 2015-12-10 05:56:19 UTC
CVE-2015-7575 has been assigned to this issue.

Comment 24 Martin Prpič 2016-01-06 15:56:42 UTC
Created gnutls tracking bugs for this issue:

Affects: fedora-all [bug 1296221]

Comment 25 Martin Prpič 2016-01-06 15:56:52 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1296219]

Comment 26 Martin Prpič 2016-01-06 15:56:59 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1296218]

Comment 28 errata-xmlrpc 2016-01-07 17:23:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2016:0007 https://rhn.redhat.com/errata/RHSA-2016-0007.html

Comment 29 errata-xmlrpc 2016-01-08 01:26:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0012 https://rhn.redhat.com/errata/RHSA-2016-0012.html

Comment 30 errata-xmlrpc 2016-01-08 01:39:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:0008 https://rhn.redhat.com/errata/RHSA-2016-0008.html

Comment 32 Tomas Hoger 2016-01-20 14:06:23 UTC
OpenJDK 8 upstream commit:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef

For Oracle Java SE, this was corrected in versions 7u95 and 8u71 via Oracle Critical Patch Update - January 2016:

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA

Comment 34 errata-xmlrpc 2016-01-20 19:14:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0050 https://rhn.redhat.com/errata/RHSA-2016-0050.html

Comment 35 errata-xmlrpc 2016-01-20 19:31:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:0049 https://rhn.redhat.com/errata/RHSA-2016-0049.html

Comment 38 errata-xmlrpc 2016-01-21 11:39:34 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0056 https://rhn.redhat.com/errata/RHSA-2016-0056.html

Comment 39 errata-xmlrpc 2016-01-21 11:40:51 UTC
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 6
  Oracle Java for Red Hat Enterprise Linux 7

Via RHSA-2016:0055 https://rhn.redhat.com/errata/RHSA-2016-0055.html

Comment 40 errata-xmlrpc 2016-01-21 11:42:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2016:0053 https://rhn.redhat.com/errata/RHSA-2016-0053.html

Comment 41 errata-xmlrpc 2016-01-21 11:58:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 5

Via RHSA-2016:0054 https://rhn.redhat.com/errata/RHSA-2016-0054.html

Comment 43 Fedora Update System 2016-01-23 23:54:36 UTC
openssl101e-1.0.1e-6.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Comment 44 errata-xmlrpc 2016-02-02 10:05:16 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0101 https://rhn.redhat.com/errata/RHSA-2016-0101.html

Comment 45 errata-xmlrpc 2016-02-02 10:06:41 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2016:0100 https://rhn.redhat.com/errata/RHSA-2016-0100.html

Comment 46 errata-xmlrpc 2016-02-02 13:39:35 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7

Via RHSA-2016:0098 https://rhn.redhat.com/errata/RHSA-2016-0098.html

Comment 47 errata-xmlrpc 2016-02-02 13:53:29 UTC
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 7
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2016:0099 https://rhn.redhat.com/errata/RHSA-2016-0099.html

Comment 52 errata-xmlrpc 2016-07-18 13:55:42 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 5.6
  Red Hat Satellite 5.7

Via RHSA-2016:1430 https://access.redhat.com/errata/RHSA-2016:1430
