Bug 1370955 - (CVE-2016-6129) CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160826,repor...
Keywords: Reopened, Security
Depends On: 1370956 1370957 1471002
Blocks: 1460222
Reported: 2016-08-28 19:50 EDT by Jeremy Choi
Modified: 2017-09-12 11:34 EDT
CC: 10 users

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-07 10:21:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments: None
Description Jeremy Choi 2016-08-28 19:50:24 EDT
It has been reported that libtomcrypt may be vulnerable to a Bleichenbacher attack due to a vulnerability in rsa_verify_hash.c

CERT has provided the details from the Intel Security Advanced Threat Research team.
 
----------------------------------------------------------------------
Bleichenbacher signature forgery attack in OP-TEE

Background

The implementation for RSA signature verification of PKCS 1 v1.5 in the Open Portable Trusted Execution Environment (https://github.com/OP-TEE/optee_os) appears to be vulnerable to a Bleichenbacher signature forgery attack. The vulnerability may result in RSA signature or public certificate forgery when a low public exponent (for example, e = 3) is used.

Vulnerability

The function rsa_verify_hash_ex (https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c) does not check the number of remaining bytes in the decrypted message after ASN.1 encoded data.

The function decodes the ASN.1 message and checks that it has the correct structure and values (OID and hash). This permits additional data after the ASN.1 message that can be used to forge a PKCS1 v1.5 signature for keys with a low public exponent. The original variant of the attack is described here: https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html

----------------------------------------------------------------------
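The defect described in the advisory above is that the verifier accepts the decoded DigestInfo wherever it happens to end, so any bytes after the hash are never examined. The C program below is an added illustration written for this page, not code from libtomcrypt or OP-TEE: verify_lenient models that shape of check, verify_strict instead rebuilds the one valid encoded message for the given length and hash (the approach RFC 8017 section 8.2.2 describes) and compares the whole buffer, and build_em produces constructed test vectors. All function and constant names are hypothetical, and the 32-byte DEMO_HASH is an arbitrary constructed value, not the digest of anything.

```c
#include <stdio.h>
#include <string.h>

/* DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1);
 * the 32-byte hash follows it directly. */
static const unsigned char SHA256_PREFIX[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
    0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
#define HASH_LEN 32
#define T_LEN (sizeof(SHA256_PREFIX) + HASH_LEN)   /* length of the full DigestInfo */

/* Constructed 32-byte "hash" for the demo; not the digest of anything real. */
static const unsigned char DEMO_HASH[HASH_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    0x0f, 0x1e, 0x2d, 0x3c, 0x4b, 0x5a, 0x69, 0x78, 0x87, 0x96, 0xa5, 0xb4, 0xc3, 0xd2, 0xe1, 0xf0
};

/* Lenient check modelling the reported defect: walk the 0x00 0x01 0xff..0xff 0x00
 * padding, compare DigestInfo and hash, and return success without ever
 * requiring that the hash is the last thing in em. Trailing bytes are ignored. */
int verify_lenient(const unsigned char *em, size_t emlen, const unsigned char *hash)
{
    size_t i = 2;
    if (emlen < T_LEN + 11 || em[0] != 0x00 || em[1] != 0x01) return 0;
    while (i < emlen && em[i] == 0xff) i++;            /* skip the PS bytes */
    if (i - 2 < 8 || i >= emlen || em[i] != 0x00) return 0;
    i++;
    if (emlen - i < T_LEN) return 0;
    if (memcmp(em + i, SHA256_PREFIX, sizeof(SHA256_PREFIX)) != 0) return 0;
    if (memcmp(em + i + sizeof(SHA256_PREFIX), hash, HASH_LEN) != 0) return 0;
    return 1;   /* defect: bytes after i + T_LEN are never examined */
}

/* Strict check as RFC 8017 section 8.2.2 specifies: rebuild the single valid
 * EM for this length and hash, then compare the whole buffer. Any deviation,
 * including a short PS with data after the hash, is rejected. */
int verify_strict(const unsigned char *em, size_t emlen, const unsigned char *hash)
{
    unsigned char expected[512];
    size_t pslen;
    if (emlen > sizeof(expected) || emlen < T_LEN + 11) return 0;
    pslen = emlen - T_LEN - 3;                          /* PS fills all remaining room */
    expected[0] = 0x00;
    expected[1] = 0x01;
    memset(expected + 2, 0xff, pslen);
    expected[2 + pslen] = 0x00;
    memcpy(expected + 3 + pslen, SHA256_PREFIX, sizeof(SHA256_PREFIX));
    memcpy(expected + 3 + pslen + sizeof(SHA256_PREFIX), hash, HASH_LEN);
    return memcmp(expected, em, emlen) == 0;
}

/* Test-vector builder: an emlen-byte EM with pslen bytes of 0xff padding; any
 * room left after the hash is filled with `filler`. pslen == emlen - T_LEN - 3
 * yields the canonical encoding; a smaller pslen leaves trailing bytes. */
int build_em(unsigned char *em, size_t emlen, size_t pslen,
             const unsigned char *hash, unsigned char filler)
{
    size_t end;
    if (pslen < 8 || emlen < pslen + 3 + T_LEN) return 0;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, pslen);
    em[2 + pslen] = 0x00;
    memcpy(em + 3 + pslen, SHA256_PREFIX, sizeof(SHA256_PREFIX));
    memcpy(em + 3 + pslen + sizeof(SHA256_PREFIX), hash, HASH_LEN);
    end = 3 + pslen + T_LEN;
    memset(em + end, filler, emlen - end);
    return 1;
}

/* Runs both verifiers over a canonical EM and over an EM with minimal padding
 * and 0xaa filler after the hash (emlen = 256, i.e. a 2048-bit modulus).
 * Returns a bit mask: bit0 lenient/canonical, bit1 strict/canonical,
 * bit2 lenient/trailing, bit3 strict/trailing. Expected value is 0x7: only
 * the strict check rejects the EM that carries bytes after the hash. */
int run_demo(void)
{
    unsigned char em[256];
    int r = 0;
    build_em(em, sizeof(em), sizeof(em) - T_LEN - 3, DEMO_HASH, 0x00);
    r |= verify_lenient(em, sizeof(em), DEMO_HASH) << 0;
    r |= verify_strict(em, sizeof(em), DEMO_HASH) << 1;
    build_em(em, sizeof(em), 8, DEMO_HASH, 0xaa);
    r |= verify_lenient(em, sizeof(em), DEMO_HASH) << 2;
    r |= verify_strict(em, sizeof(em), DEMO_HASH) << 3;
    return r;
}

int main(void)
{
    int r = run_demo();
    printf("canonical EM:       lenient=%d strict=%d\n", r & 1, (r >> 1) & 1);
    printf("trailing-bytes EM:  lenient=%d strict=%d\n", (r >> 2) & 1, (r >> 3) & 1);
    return 0;
}
```

The strict variant never parses the padding at all: because the public key fixes emlen and the hash fixes DigestInfo, there is exactly one acceptable byte string, and comparing against it leaves no room for data after the hash or for a shortened padding string. A real verifier would additionally check that the RSA output has the expected length before this comparison; a constant-time compare is customary but not security-critical here, since the encoded message is derived from a public signature rather than a secret.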
Comment 1 Jeremy Choi 2016-08-28 19:51:15 EDT
Created libtomcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1370956]
Affects: epel-all [bug 1370957]
Comment 3 Borja Tarraso 2017-07-04 10:39:22 EDT
Acknowledgments:

Name: Borja Tarraso (Red Hat)
Comment 4 Borja Tarraso 2017-07-14 05:00:00 EDT
RHEV should take the pkgs from the base OS - but double checking with PM to be sure before marking this as fixed.
