Red Hat Bugzilla – Bug 1591100
CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
Last modified: 2018-10-30 03:51:48 EDT
OpenSSL versions 1.1.0 to 1.1.0h and 1.0.2 to 1.0.2o allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. External Reference: https://www.openssl.org/news/secadv/20180612.txt Upstream Patches: https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4 https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098
Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1591102] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1591101]
Analysis: This is essentially a client crash. When a client complied with openssl connects to a malicious server, the server can send a very large prime in a DHKE handshake. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. This flaw cannot be used to attack the openssl server.
This issue has been addressed in the following products: Red Hat OpenShift Application Runtimes Node.js 8 Via RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552
This issue has been addressed in the following products: Red Hat OpenShift Application Runtimes Node.js 10 Via RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221