Bug 1416856 – CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1416856 - (CVE-2017-3732) CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64

Summary:	CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64

Status:	NEW

Aliases:	CVE-2017-3732

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20170126,repor...
Keywords:	Security

Depends On:	1416867 1420895 1420896 1416864 1416865 1618719 1618720 1618721 1624844 1624845
Blocks:	1416858
	Show dependency tree / graph

Reported:	2017-01-26 10:44 EST by Andrej Nemec
Modified:	2018-10-19 17:39 EDT (History)
CC List:	55 users (show)

See Also:
Fixed In Version:	openssl 1.0.2k, openssl 1.1.0d
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2185	None	None	None	2018-07-12 12:17 EDT
Red Hat Product Errata	RHSA-2018:2186	None	None	None	2018-07-12 12:15 EDT
Red Hat Product Errata	RHSA-2018:2187	None	None	None	2018-07-12 12:05 EDT
Red Hat Product Errata	RHSA-2018:2568	None	None	None	2018-08-27 10:20 EDT
Red Hat Product Errata	RHSA-2018:2575	None	None	None	2018-08-28 15:19 EDT
Red Hat Product Errata	RHSA-2018:2713	None	None	None	2018-09-17 10:53 EDT

Groups: None (edit)

Description Andrej Nemec 2017-01-26 10:44:15 EST

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

OpenSSL 1.0.2 users should upgrade to 1.0.2k

External References:

https://www.openssl.org/news/secadv/20170126.txt

Comment 1 Andrej Nemec 2017-01-26 11:08:46 EST

Created openssl101e tracking bugs for this issue:

Affects: epel-5 [bug 1416866]

Comment 2 Andrej Nemec 2017-01-26 11:09:13 EST

Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1416864]

Comment 3 Andrej Nemec 2017-01-26 11:09:32 EST

Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1416865]
Affects: epel-7 [bug 1416867]

Comment 4 Tomas Hoger 2017-01-26 15:43:00 EST

Upstream commit:

https://git.openssl.org/?p=openssl.git;a=commitdiff;h=3f4bcf5bb664b47ed369a70b99fac4e0ad141bb3

Comment 5 Tomas Hoger 2017-01-26 16:24:44 EST

Affected code does not exist in OpenSSL 1.0.1 and earlier.  It's the same code that was affected by the CVE-2015-3193 (bug 1288317).

Comment 8 errata-xmlrpc 2018-07-12 12:05:23 EDT

This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187

Comment 9 errata-xmlrpc 2018-07-12 12:15:04 EDT

This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186

Comment 10 errata-xmlrpc 2018-07-12 12:17:26 EDT

This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185

Comment 12 errata-xmlrpc 2018-08-27 10:20:14 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Supplementary

Via RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568

Comment 13 errata-xmlrpc 2018-08-28 15:18:44 EDT

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575

Comment 15 errata-xmlrpc 2018-09-17 10:53:34 EDT

This issue has been addressed in the following products:

  Red Hat Satellite 5.8

Via RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713

Note You need to log in before you can comment on or make changes to this bug.

apintea
bbaranow
bmaxwell
bmcclain
bugzilla-redhat
cdewolf
cfergeau
chazlett
csutherl
dandread
darran.lofthouse
dblechte
dimitris
dosoudil
eedri
erik-fedora
fgavrilo
fnasser
gklein
gzaronik
huwang
jawilson
jclere
jondruse
jshepherd
ktietz
lersek
lgao
lsurette
marcandre.lureau
mbabacek
mgoldboi
michal.skrivanek
mturk
myarboro
pgier
pjurak
ppalaga
psakar
pslavice
redhat-bugzilla
rh-spice-bugs
rjones
rnetuka
rstancel
rsvoboda
sardella
slawomir
srevivo
tmraz
twalsh
vtunka
weli
ykaul
ylavi