Bug 1618861 (CVE-2018-15836) - CVE-2018-15836 openswan: Improper signature verification in try_RSA_signature_v2() function for RSASSA-PKCS1-v1_5 signature scheme
Summary: CVE-2018-15836 openswan: Improper signature verification in try_RSA_signature...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-15836
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1618862
Reported: 2018-08-17 20:05 UTC by Pedro Sampaio
Modified: 2021-02-16 23:11 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-08-20 03:04:45 UTC
Embargoed:



Description Pedro Sampaio 2018-08-17 20:05:38 UTC
A flaw was found in openswan v2.6.50. Improper signature verification for RSASSA-PKCS1-v1_5 signature scheme in the try_RSA_signature_v2() function may leave it open to Bleichenbacher-style signature forgery attacks.

Upstream patch:

https://github.com/xelerance/Openswan/pull/317#issuecomment-413738632

References:

https://lists.openswan.org/pipermail/users/2018-August/023758.html
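
The strict check that RSASSA-PKCS1-v1_5 verification calls for, as an added example (not openswan's code and not the upstream patch): rebuild the expected encoded message and compare it byte-for-byte with the block recovered from the signature, so any deviation in the padding or DigestInfo is rejected. It assumes SHA-256 and that the RSA public-key operation has already produced the block; `emsa_encode`, `emsa_verify` and `demo_case` are hypothetical names, and the sample blocks are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SHA-256 DigestInfo prefix (RFC 8017, section 9.2). */
static const uint8_t SHA256_PREFIX[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
enum { HASH_LEN = 32, T_LEN = 19 + 32, MAX_K = 1024 };

/* Build EM = 00 01 FF..FF 00 || DigestInfo for a k-byte modulus.
 * Returns -1 if k cannot hold the mandatory 8 padding bytes. */
int emsa_encode(const uint8_t hash[HASH_LEN], uint8_t *em, size_t k)
{
    if (k < T_LEN + 11 || k > MAX_K)
        return -1;
    size_t ps_len = k - T_LEN - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_PREFIX, sizeof SHA256_PREFIX);
    memcpy(em + 3 + ps_len + sizeof SHA256_PREFIX, hash, HASH_LEN);
    return 0;
}

/* Returns 1 only if the recovered block (s^e mod n, k bytes) equals the
 * expected EM exactly; the comparison does not exit early on a mismatch. */
int emsa_verify(const uint8_t *recovered, size_t k, const uint8_t hash[HASH_LEN])
{
    uint8_t expected[MAX_K], diff = 0;
    if (emsa_encode(hash, expected, k) != 0)
        return 0;
    for (size_t i = 0; i < k; i++)
        diff |= recovered[i] ^ expected[i];
    return diff == 0;
}

/* Constructed sample: a well-formed 2048-bit block, optionally malformed. */
int demo_case(int tamper)
{
    uint8_t hash[HASH_LEN], em[256];
    for (int i = 0; i < HASH_LEN; i++) hash[i] = (uint8_t)i;
    emsa_encode(hash, em, sizeof em);
    if (tamper == 1) em[10] = 0x00;                          /* non-FF padding byte */
    if (tamper == 2) memmove(em + 10, em + 204, T_LEN + 1);  /* short padding, trailing bytes */
    if (tamper == 3) em[255] ^= 0x01;                        /* digest mismatch */
    if (tamper == 4) em[1] = 0x02;                           /* wrong block type */
    return emsa_verify(em, sizeof em, hash);
}
```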

Comment 1 Paul Wouters 2018-08-17 20:36:14 UTC
Note: this flaw only affects openswan versions compiled without NSS. When NSS is used as the cryptographic library, the RSA routines from NSS are used instead of the custom openswan RSA code that contains the vulnerability.

RHEL has only ever shipped with NSS-enabled openswan versions, so no Red Hat products are vulnerable to this bug.

Comment 2 Doran Moppert 2018-08-20 03:04:52 UTC
Statement:

This flaw only affects openswan versions compiled without NSS. When NSS is used as the cryptographic library, the RSA routines from NSS are used instead of the custom openswan RSA code that contains the vulnerability.

Red Hat Enterprise Linux has only ever shipped with NSS-enabled openswan versions, so no Red Hat products are vulnerable to this bug.
