Date: Fri, 27 Feb 2015 12:59:57 +0100 From: Florent Daigniere <florent.daigniere@...stmatta.com> To: oss-security@...ts.openwall.com Subject: CVE request: RFC 4253 section 8 wooes Hi, RFC 4253 section 8 describes how the DiffieHellman exchange is done in SSH... It mandates a few sanity bound-checks (for both the values of exponents and exponentials) that some implementations are not doing... Can you please assign three CVEs for the following bugs? MATTA-2015-002 PuTTY will be fixed in the upcoming release (0.64 I think) - The exponential is not checked for trivial values MATTA-2015-001 Dropbox fixed in: https://secure.ucc.asn.au/hg/dropbear/rev/a1e79ffa5862 - The exponential is not checked for all trivial values (it just does what the RFC mandates, which is clearly not enough!) - The exponent picked might be a trivial value (this is theoretical more than anything else assuming the CSPRNG is working). It's a regression from 0.49 (https://secure.ucc.asn.au/hg/dropbear/diff/00703f1df67a/random.c) Further details and a full advisory will be published at https://www.trustmatta.com/advisories/MATTA-2015-001.txt https://www.trustmatta.com/advisories/MATTA-2015-002.txt when the patches are in a released build. Our current understanding is that no third party can take advantage of those bugs unless both the client and the server are vulnerable AND either side picks a weak exponent. The likelihood of that happening in practice is almost nil and the impact limited in any case. Regards, Florent Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ