Bug 1466265 (CVE-2017-7526) - CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery
Summary: CVE-2017-7526 libgcrypt: Use of left-to-right sliding window method allows fu...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2017-7526
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20170629,repor...
Depends On: 1466268 1466266 1466267
Blocks: 1466272
TreeView+ depends on / blocked
 
Reported: 2017-06-29 11:29 UTC by Adam Mariš
Modified: 2019-06-08 22:05 UTC (History)
17 users (show)

Fixed In Version: libgcrypt 1.7.8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-07-04 10:11:02 UTC


Attachments (Terms of Use)

Description Adam Mariš 2017-06-29 11:29:40 UTC
Libgcrypt's RSA-1024 implementation using left-to-right method for computing the sliding-window expansion was found to be vulnerable to cache side-channel attack resulting into complete break of RSA-1024. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

Upstream patches:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9

External References:

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
https://eprint.iacr.org/2017/627

Comment 1 Adam Mariš 2017-06-29 11:30:12 UTC
Acknowledgments:

Name: the Libgcrypt project

Comment 2 Adam Mariš 2017-06-29 11:30:40 UTC
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1466267]


Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1466268]
Affects: fedora-all [bug 1466266]

Comment 3 Huzaifa S. Sidhpurwala 2017-07-06 05:03:35 UTC
Statement:

This side-channel attack requires that the attacker can run arbitrary software on the hardware where the private RSA key is used. Allowing execute access to a box with private keys should be considered as an unsafe security practice, anyway.  Thus in practice there are easier ways to access the private keys than to mount this side-channel attack. However, on boxes with virtual machines this attack may be used by one VM to steal private keys from another VM.


Note You need to log in before you can comment on or make changes to this bug.