Bug 1591100 (CVE-2018-0732) - CVE-2018-0732 openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang
Summary: CVE-2018-0732 openssl: Malicious server can send large prime to client during...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-0732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20180612,repor...
Depends On: 1591102 1591101 1591806 1599202
Blocks: 1591103
TreeView+ depends on / blocked
 
Reported: 2018-06-14 05:11 UTC by Sam Fowler
Modified: 2019-06-18 19:09 UTC (History)
39 users (show)

Fixed In Version: openssl 1.1.0i, openssl 1.0.2p
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:29:05 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2552 None None None 2018-08-22 21:12:57 UTC
Red Hat Product Errata RHSA-2018:2553 None None None 2018-08-22 21:14:43 UTC
Red Hat Product Errata RHSA-2018:3221 None None None 2018-10-30 07:51:47 UTC
Red Hat Product Errata RHSA-2019:1296 None None None 2019-05-30 14:48:31 UTC
Red Hat Product Errata RHSA-2019:1297 None None None 2019-05-30 14:57:14 UTC
Red Hat Product Errata RHSA-2019:1543 None None None 2019-06-18 19:09:10 UTC

Description Sam Fowler 2018-06-14 05:11:12 UTC
OpenSSL versions 1.1.0 to 1.1.0h and 1.0.2 to 1.0.2o allow malicious servers to send very large primes to a client during DH(E) based TLS handshakes. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.


External Reference:

https://www.openssl.org/news/secadv/20180612.txt


Upstream Patches:

https://github.com/openssl/openssl/commit/ea7abeeabf92b7aca160bdd0208636d4da69f4f4
https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098

Comment 1 Sam Fowler 2018-06-14 05:11:49 UTC
Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1591102]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1591101]

Comment 8 Huzaifa S. Sidhpurwala 2018-07-09 08:23:57 UTC
Analysis:

This is essentially a client crash. When a client complied with openssl connects to a malicious server, the server can send a very large prime in a DHKE handshake. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. This flaw cannot be used to attack the openssl server.

Comment 9 errata-xmlrpc 2018-08-22 21:12:44 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Application Runtimes Node.js 8

Via RHSA-2018:2552 https://access.redhat.com/errata/RHSA-2018:2552

Comment 10 errata-xmlrpc 2018-08-22 21:14:30 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Application Runtimes Node.js 10

Via RHSA-2018:2553 https://access.redhat.com/errata/RHSA-2018:2553

Comment 11 errata-xmlrpc 2018-10-30 07:51:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221

Comment 12 Joshua Padman 2019-05-15 22:41:54 UTC
This vulnerability is out of security support scope for the following product:
 * Red Hat Enterprise Application Platform 5

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 13 errata-xmlrpc 2019-05-30 14:48:29 UTC
This issue has been addressed in the following products:

  JBoss Core Services Apache HTTP Server 2.4.29 SP2

Via RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1296

Comment 14 errata-xmlrpc 2019-05-30 14:57:12 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services on RHEL 6

Via RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1297

Comment 15 errata-xmlrpc 2019-06-18 19:09:09 UTC
This issue has been addressed in the following products:

  JBoss Core Services Apache HTTP Server 2.4.29 SP2

Via RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:1543


Note You need to log in before you can comment on or make changes to this bug.