Date: Mon, 1 Feb 2016 16:32:55 +0100 From: Gerhard Rieger <gerhard@...t-unreach.org> To: oss-security@...ts.openwall.com Subject: Socat security advisory 7 - Created new 2048bit DH modulus Socat security advisory 7 - Created new 2048bit DH modulus Overview In the OpenSSL address implementation the hard coded 1024 bit DH p parameter was not prime. The effective cryptographic strength of a key exchange using these parameters was weaker than the one one could get by using a prime p. Moreover, since there is no indication of how these parameters were chosen, the existence of a trapdoor that makes possible for an eavesdropper to recover the shared secret from a key exchange that uses them cannot be ruled out. A new prime modulus p parameter has been generated by Socat developer using OpenSSL dhparam command. In addition the new parameter is 2048 bit long. Vulnerability Ids: Socat security issue 7 MSVR-1499 Severity: Unknown Affected versions 184.108.40.206 2.0.0-b8 Not affected or corrected versions 220.127.116.11 - 18.104.22.168 22.214.171.124 and later 2.0.0-b1 - 2.0.0-b7 2.0.0-b9 and later Workaround Disable DH ciphers Download The updated sources can be downloaded from: http://www.dest-unreach.org/socat/download/socat-126.96.36.199.tar.gz http://www.dest-unreach.org/socat/download/socat-2.0.0-b9.tar gz Acknowledgments Santiago Zanella-Beguelin and Microsoft Vulnerability Research (MSVR). Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ