Date: Mon, 1 Feb 2016 16:32:55 +0100
From: Gerhard Rieger <gerhard@...t-unreach.org>
To: oss-security@...ts.openwall.com
Subject: Socat security advisory 7 - Created new 2048bit DH modulus

Socat security advisory 7 - Created new 2048bit DH modulus

Overview
  In the OpenSSL address implementation, the hard-coded 1024-bit DH p
  parameter was not prime. The effective cryptographic strength of a key
  exchange using these parameters was weaker than what one would get by
  using a prime p. Moreover, since there is no indication of how these
  parameters were chosen, the existence of a trapdoor that makes it possible
  for an eavesdropper to recover the shared secret from a key exchange that
  uses them cannot be ruled out.
  A new prime modulus p has been generated by the Socat developer
  using the OpenSSL dhparam command.
  In addition, the new parameter is 2048 bits long.

Vulnerability Ids:
  Socat security issue 7
  MSVR-1499

Severity: Unknown

Affected versions
  1.7.3.0
  2.0.0-b8

Not affected or corrected versions
  1.0.0.0 - 1.7.2.4
  1.7.3.1 and later
  2.0.0-b1 - 2.0.0-b7
  2.0.0-b9 and later

Workaround
  Disable DH ciphers

Download
  The updated sources can be downloaded from:

    http://www.dest-unreach.org/socat/download/socat-1.7.3.1.tar.gz
    http://www.dest-unreach.org/socat/download/socat-2.0.0-b9.tar.gz

Acknowledgments
  Santiago Zanella-Beguelin and Microsoft Vulnerability Research (MSVR).
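
Added example (not part of the original advisory and not Socat or OpenSSL code): a Python check that a hard-coded DH modulus is long enough and actually prime, which is the property the old parameter lacked. The function names are hypothetical and the sample values are constructed toy numbers; the safe-prime test goes beyond the advisory's text and is included because OpenSSL's dhparam generates safe primes by default.

```python
import re
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def modulus_from_hex(text):
    """Parse hex written as 'cc:17:..', '0xCC, 0x17, ..' or one plain string."""
    return int(re.sub(r"0[xX]|[^0-9a-fA-F]", "", text), 16)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin. False: certainly composite. True: prime, error <= 4**-rounds."""
    if n < 2:
        return False
    for q in SMALL_PRIMES:
        if n % q == 0:
            return n == q
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        # Unpredictable bases: whoever chose the modulus must not be able to guess them.
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def audit_dh_modulus(p, min_bits=2048):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if p.bit_length() < min_bits:
        findings.append(f"modulus is {p.bit_length()} bits, below {min_bits}")
    if not is_probable_prime(p):
        findings.append("modulus is composite")
    elif not is_probable_prime((p - 1) // 2):
        findings.append("modulus is prime but (p-1)/2 is composite (not a safe prime)")
    return findings

if __name__ == "__main__":
    # Constructed toy values, far too short for real use; min_bits lowered to match.
    for text in ("03:fb", hex(2**127 - 1), hex((2**127 - 1) * (2**61 - 1))):
        print(text, audit_dh_modulus(modulus_from_hex(text), min_bits=10) or "ok")
```

To audit a real build, pass the modulus bytes copied from the source or from a parameter dump to modulus_from_hex() and keep the default min_bits of 2048.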