Bug 1622089 (CVE-2018-12384) - CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
Status: CLOSED ERRATA
Alias: CVE-2018-12384
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1622093 1622094 1623245 1624703 1624704
Blocks: 1616615
Reported: 2018-08-24 12:33 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-12-10 17:08 UTC (History)

Fixed In Version: nss 3.36.5, nss 3.39
Doc Text:
A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.
Last Closed: 2019-06-10 10:36:55 UTC
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2768 0 None None None 2018-09-25 19:07:38 UTC
Red Hat Product Errata RHSA-2018:2898 0 None None None 2018-10-09 15:50:17 UTC

Description Huzaifa S. Sidhpurwala 2018-08-24 12:33:29 UTC
A flaw was found with the NSS library when compiled with a server application. A man-in-the-middle attacker could use this flaw in a passive replay attack.

The most severe issue for confidentiality is for stream ciphers (and AES-GCM), as the server may encrypt different data with the exact same key stream, and for idempotency, the server may perform the same action multiple times without proper authentication.
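
A defensive check for the condition in this bug, added here as an example and not taken from NSS or from this bug report: it parses captured TLS ServerHello records and flags an all-zero `random`. It goes slightly beyond the bug by also flagging a `random` that repeats across handshakes. The function names, the record builder and the sample bytes are constructed for illustration.

```python
import struct

RANDOM_LEN = 32

def server_hello_random(record: bytes) -> bytes:
    """Extract ServerHello.random from a TLS handshake record (RFC 5246 layout)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                       # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) < 4 or body[0] != 0x02:    # 2 = server_hello message type
        raise ValueError("record does not start with a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if len(msg) < 2 + RANDOM_LEN:           # server_version(2) + random(32)
        raise ValueError("truncated ServerHello")
    return msg[2:2 + RANDOM_LEN]

def audit(records):
    """Return (index, finding) for each ServerHello whose random is zero or reused."""
    findings, seen = [], {}
    for i, rec in enumerate(records):
        rnd = server_hello_random(rec)
        if rnd == bytes(RANDOM_LEN):
            findings.append((i, "all-zero random"))
        elif rnd in seen:
            findings.append((i, f"random reused from handshake {seen[rnd]}"))
        seen.setdefault(rnd, i)
    return findings

def build_server_hello(random: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello record, no extensions."""
    # version, random, empty session_id, cipher suite 0x009C, null compression
    msg = b"\x03\x03" + random + b"\x00" + b"\x00\x9c" + b"\x00"
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

# Constructed inputs, not captured traffic.
SAMPLES = [
    build_server_hello(bytes(range(32))),   # fresh-looking random
    build_server_hello(bytes(32)),          # the condition described in this bug
    build_server_hello(bytes(range(32))),   # same random as handshake 0
]

if __name__ == "__main__":
    for idx, finding in audit(SAMPLES):
        print(f"handshake {idx}: {finding}")
```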

Comment 11 Huzaifa S. Sidhpurwala 2018-09-03 06:26:07 UTC
Created nss tracking bugs for this issue:

Affects: fedora-all [bug 1624704]

Comment 13 Huzaifa S. Sidhpurwala 2018-09-03 06:31:15 UTC
Acknowledgments:

Name: the Mozilla project

Comment 14 Tomas Hoger 2018-09-21 19:18:50 UTC
Upstream bug (currently non-public):

https://bugzilla.mozilla.org/show_bug.cgi?id=1483128

Upstream fix in 3.36 branch (including test):

https://hg.mozilla.org/projects/nss/rev/46f9a1f40c3d
https://hg.mozilla.org/projects/nss/rev/f182a11fbe53

It seems a different fix was used in 3.39 that disables processing of SSLv2 compatible Client Hellos:

https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e

Comment 15 Hubert Kario 2018-09-24 15:21:37 UTC
> It seems a different fix was used in 3.39 that disables processing of SSLv2 compatible Client Hellos


Yes, but NSS packages distributed in Red Hat Enterprise Linux fix the issue, not disable support for SSLv2 compatible Client Hellos.

Comment 16 Tomas Hoger 2018-09-25 09:16:18 UTC
Right.  The nss packages currently in Red Hat Enterprise Linux are based on upstream 3.36.  I assume we will eventually update to 3.39 or newer, so I assume we have to consider how we're going to deal with this at that time.

Comment 17 Hubert Kario 2018-09-25 10:50:57 UTC
Support for SSLv2 Client Hello protocol is technically part of API/ABI compatibility so it needs to remain in Red Hat Enterprise Linux 6 and 7.

Comment 19 Daiki Ueno 2018-09-25 10:58:14 UTC
(In reply to Tomas Hoger from comment #14)

> It seems a different fix was used in 3.39 that disables processing of SSLv2
> compatible Client Hellos:

To be clear, the fixes are actually identical in 3.36 and 3.39.  The only difference is that the latter fix was obfuscated as part of a large change:
https://hg.mozilla.org/projects/nss/rev/ee357b00f2e6#l8.272

Comment 20 Tomas Hoger 2018-09-25 12:52:01 UTC
Thank you for the correction, Daiki. I had previously failed to find the matching change in 3.39.

Comment 21 errata-xmlrpc 2018-09-25 19:07:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:2768 https://access.redhat.com/errata/RHSA-2018:2768

Comment 22 errata-xmlrpc 2018-10-09 15:50:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:2898 https://access.redhat.com/errata/RHSA-2018:2898

