Bug 1466265 - (CVE-2017-7526) CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery
CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows fu...
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20170629,repor...
: Security
Depends On: 1466266 1466268 1466267
Blocks: 1466272
  Show dependency treegraph
 
Reported: 2017-06-29 07:29 EDT by Adam Mariš
Modified: 2017-07-06 01:03 EDT (History)
18 users (show)

See Also:
Fixed In Version: libgcrypt 1.7.8
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-07-04 06:11:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2017-06-29 07:29:40 EDT
Libgcrypt's RSA-1024 implementation using left-to-right method for computing the sliding-window expansion was found to be vulnerable to cache side-channel attack resulting into complete break of RSA-1024. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Upstream patches:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9

External References:

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
https://eprint.iacr.org/2017/627
Comment 1 Adam Mariš 2017-06-29 07:30:12 EDT
Acknowledgments:

Name: the Libgcrypt project
Comment 2 Adam Mariš 2017-06-29 07:30:40 EDT
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1466267]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1466268]
Affects: fedora-all [bug 1466266]
Comment 3 Huzaifa S. Sidhpurwala 2017-07-06 01:03:35 EDT
Statement:

This side-channel attack requires that the attacker can run arbitrary software on the hardware where the private RSA key is used. Allowing execute access to a box with private keys should be considered as an unsafe security practice, anyway.  Thus in practice there are easier ways to access the private keys than to mount this side-channel attack. However, on boxes with virtual machines this attack may be used by one VM to steal private keys from another VM.

Note You need to log in before you can comment on or make changes to this bug.