[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE request: RFC 4253 section 8 wooes
From: Florent Daigniere <florent.daigniere () trustmatta ! com>
Date: 2015-02-27 11:59:57
Message-ID: 1425038397.11955.26.camel () trustmatta ! com
[Download RAW message or body]
Hi,
RFC 4253 section 8 describes how the DiffieHellman exchange is done in
SSH... It mandates a few sanity bound-checks (for both the values of
exponents and exponentials) that some implementations are not doing...
Can you please assign three CVEs for the following bugs?
MATTA-2015-002 PuTTY
will be fixed in the upcoming release (0.64 I think)
- The exponential is not checked for trivial values
MATTA-2015-001 Dropbox
fixed in: https://secure.ucc.asn.au/hg/dropbear/rev/a1e79ffa5862
- The exponential is not checked for all trivial values (it just does
what the RFC mandates, which is clearly not enough!)
- The exponent picked might be a trivial value (this is theoretical more
than anything else assuming the CSPRNG is working). It's a regression
from 0.49
(https://secure.ucc.asn.au/hg/dropbear/diff/00703f1df67a/random.c)
Further details and a full advisory will be published at=20
https://www.trustmatta.com/advisories/MATTA-2015-001.txt
https://www.trustmatta.com/advisories/MATTA-2015-002.txt
when the patches are in a released build. Our current understanding is
that no third party can take advantage of those bugs unless both the
client and the server are vulnerable AND either side picks a weak
exponent. The likelihood of that happening in practice is almost nil and
the impact limited in any case.
Regards,
Florent
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic