Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 29 Jul 2016 13:03:34 -0400 (EDT)
From: cve-assign@...re.org
To: huzaifas@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The following whitepaper talks about libgcrypt's RSA code being
> vulnerable to a cache timing attack, which the paper claims is fixed in
> 1.6.3.

As far as we can tell, your message did not provide a link to a
whitepaper, and any attachment did not arrive either through direct
email or in any of the oss-security list archives.

> It seems nettle is also vulnerable to this flaw. Which was confirmed by
> upstream via:
> https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
> 
> The above link also contains a proposed patch, will be committed soon.

We think the commit already occurred:

  https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3

> I would like to request a CVE id for the flaw in nettle.

Use CVE-2016-6489 for the vulnerability that was fixed in
3fe1d6549765ecfb24f0b80b2ed086fdc818bff3.

At this point, we are not assigning any CVE IDs for potential
"incomplete fix" issues mentioned in the 003093.html post, such as
"The CRT code used for RSA signing uses other functions which may
leak, in particular division functions with branches depending on
secret data ... exponents use a normalized size field (so top limb is
non-zero). This might still leak information about the top exponent
bits ... Mini-gmp builds don't try to be side-channel silent."

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXm4v1AAoJEHb/MwWLVhi2e1gP+wSLsNAZzwAJjOhLjYX2vzob
CjfELfdo2uvAJvfydPIUD+T4j0gnHuSAPXJEtXwC9VdRPla5J202B2admS2wnKk+
AXy14vW3trEYvcs4Gp7uqMMoS6K1Qb+rnbOOTsYKcirUk8Ml6yuHS9wDugUwrlyg
G9VipRYFZCSz0pqiz4Lv1mc4ViMz7uQbUZ9oPWthwr8RDhJebdXlab1Co5FwPf8s
IUOrubPlH/rSGsJ/zSWE3HsP8Qcfe3Mg7Rph4mqYiv/amefRcABjyKSo2lgGUcdZ
RoM148KjY+3ys5hEwgYGv4PL7lkm698/lShsgBjyTlyQYpCRHMywBzK9ZorgZA49
Mt+bghgMJEPilWxzwVsoQ53vPjs4IH4p8O1ba0NeBYfX/Crd9q25NMV7FCzzkO1R
H8yRdITvBg9DmDifvWJT9mlnKmtkHEg3sPYr0QSVWI5qUKo4v1XYnNrr9K88rUUq
+ai5/h13gN2hIQW6sc+S/01jO30X4rfL6+REhqz3ri8mi3LRLxj1n8ElaQEO/ulh
USC88qdZpMDIwLl5e3WL11CjZ9EbtxGaFLwzScCm5cFXPPqZmVp1h7iX90380ItT
rRzJ9sfCew+bWFly7l60oefy+OP8u2mIbUMK+dzzm5dkcu+n67uMWB3Rb2/64OpO
WDByvQZt5Gaz6zeYp81s
=Z0L4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.