1311613 – (CVE-2015-7824) CVE-2015-7824 botan: padding oracle attack on TLS

Bug 1311613 (CVE-2015-7824) - CVE-2015-7824 botan: padding oracle attack on TLS

Summary: CVE-2015-7824 botan: padding oracle attack on TLS

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2015-7824
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-24 15:23 UTC by Andrej Nemec
Modified:	2021-02-17 04:18 UTC (History)
CC List:	1 user (show)
Fixed In Version:	botan 1.11.22
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-01-31 16:54:23 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-02-24 15:23:55 UTC

A padding oracle attack was possible against TLS CBC ciphersuites because if a certain length check on the packet fields failed, a different alert type than one used for message authentication failure would be returned to the sender. This check triggering would leak information about the value of the padding bytes and could be used to perform iterative decryption.

As with most such oracle attacks, the danger depends on the underlying protocol - HTTP servers are particularly vulnerable. The current analysis suggests that to exploit it an attacker would first have to guess several bytes of plaintext, but again this is quite possible in many situations including HTTP.

External references:

http://botan.randombit.net/security.html

Comment 1 Thomas Moschny 2016-04-29 18:33:07 UTC

CVE-2015-7824 only affects 1.11.X for X<22.

In Fedora/EPEL, we have 1.8.X and 1.10.X (i.e. stable) versions.

Note You need to log in before you can comment on or make changes to this bug.