The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Cybersecurity announcement: CVE-2015-3193

OpenSSL: disclosure of DH private key via BN_mod_exp

Synthesis of the vulnerability

An attacker, with a significant amount of resources, can attack the DH algorithm, in some OpenSSL usages, in order to compute the private key.
Severity of this threat: 1/4.
Creation date: 03/12/2015.
References for this weakness: 1972951, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2018, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3193, FEDORA-2015-605de37b7f, HPESBHF03709, JSA10759, NTAP-20151207-0001, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18434.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL library uses the BN_mod_exp() function to perform a modular exponentiation on large numbers.

However, on an x86_64 processor, the BN_mod_exp() function can return an incorrect result in its Montgomery squaring routine.

An attacker, with a significant amount of resources, can therefore attack the DH algorithm, in some OpenSSL usages, in order to compute the private key.

This threat alert impacts software or systems such as Tomcat, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco Content SMA, Cisco ESA, Nexus by Cisco, NX-OS, Cisco Prime Access Registrar, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco MeetingPlace, Cisco WSA, Cisco Wireless Controller, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiManager, FortiManager Virtual Appliance, FortiOS, HP Switch, IRAD, Tivoli Storage Manager, BIND, IVE OS, Juniper J-Series, Junos OS, Junos Space, MAG Series by Juniper, NSM Central Manager, NSMXpress, Juniper SA, Juniper SBR, McAfee Email Gateway, Data ONTAP 7-Mode, NetScreen Firewall, ScreenOS, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Pulse Connect Secure, MAG Series by Pulse Secure, Pulse Secure SBR, Puppet, Slackware, stunnel, Ubuntu.

Our Vigil@nce team determined that the severity of this computer vulnerability bulletin is low.

The trust level is "confirmed by the editor", and the attack origin is "internet client".

An attacker with expert ability can exploit this weakness.

Solutions for this threat

OpenSSL: version 1.0.2e.
The version 1.0.2e is fixed:
  http://openssl.org/source/

Apache Tomcat: version 8.0.32.
The version 8.0.32 is fixed:
  http://tomcat.apache.org/download-80.cgi

Brocade: solution for Multiple Vulnerabilities.
The solution is indicated in information sources.

Cisco: solution for OpenSSL.
The solution is indicated in information sources.

F5 BIG-IP: solution for OpenSSL.
The solution is indicated in information sources.

Fedora 23: new openssl packages.
New packages are available:
  Fedora 23: openssl 1.0.2e-1.fc23

Fortinet: fixed versions for OpenSSL.
Fixed versions are indicated in information sources.

HPE Comware Switch: solution for OpenSSL.
The solution is indicated in information sources.

IBM Rational Application Developer: patch for OpenSSL.
A patch is indicated in information sources.

IBM Spectrum Protect: versions 7.1.6.5 and 8.1.0.2.
Versions 7.1.6.5 and 8.1.0.2 are fixed:
  Version 7.1.6.5: http://www-01.ibm.com/support/docview.wss?uid=swg24042496
  Version 8.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24043351

ISC BIND: version 9.10.3-P2.
The version 9.10.3-P2 is fixed:
  http://www.isc.org/downloads/

ISC BIND: version 9.9.8-P2.
The version 9.9.8-P2 is fixed:
  http://www.isc.org/downloads/

Juniper: solution for OpenSSL.
The solution is indicated in information sources.

McAfee Email Gateway: version 7.6.404-3328.101.
The version 7.6.404-3328.101 is fixed:
  https://kc.mcafee.com/corporate/index?page=content&id=KB56057

NetApp Data ONTAP: patch for OpenSSL 12/2015.
A patch is available:
  Data ONTAP SMI-S Agent: https://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=971461

Node.js: version 4.2.3.
The version 4.2.3 is fixed:
  https://nodejs.org/en/download/

Node.js: version 5.1.1.
The version 5.1.1 is fixed:
  https://nodejs.org/en/download/

Oracle Communications: CPU of October 2017.
A Critical Patch Update is available.

Oracle Solaris: patch for third party software of January 2018 v1.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Pulse Secure: solution for OpenSSL.
The solution is indicated in information sources.

Puppet Agent: version 1.3.4.
The version 1.3.4 is fixed:
  https://puppetlabs.com/

Slackware: new openssl packages.
New packages are available:
  Slackware 13.0: openssl 0.9.8zh-*-1_slack13.0
  Slackware 13.1: openssl 0.9.8zh-*-1_slack13.1
  Slackware 13.37: openssl 0.9.8zh-*-1_slack13.37
  Slackware 14.0: openssl 1.0.1q-*-1_slack14.0
  Slackware 14.1: openssl 1.0.1q-*-1_slack14.1

stunnel: version 5.27.
The version 5.27 is fixed:
  https://www.stunnel.org/downloads.html

Ubuntu: new libssl1.0.0 packages.
New packages are available:
  Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2
  Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5
  Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16
  Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32
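To turn the OpenSSL line of this solution list into a check an administrator can run, the following POSIX shell script is an added example (not Vigil@nce's, OpenSSL's or any vendor's code). It compares an OpenSSL release string with the 1.0.2e upstream fix named above and reports whether a 1.0.2-series build is at or past that release. Releases on other branches are reported as "other-branch" so that the vendor entries above are consulted instead of guessing. The function names, the constructed `openssl version` banner and the status labels are this example's own assumptions, not values from the bulletin. Distribution packages that backport the fix (for instance the Ubuntu 15.10 package 1.0.2d-0ubuntu1.2 listed above) keep the older upstream string, so for those the package version from the vendor list is the value to compare, not the upstream release.

```shell
#!/bin/sh
# Added example (not Vigil@nce's or OpenSSL's code): compare an OpenSSL
# release string against the 1.0.2e fix named in the bulletin.
# Distribution packages that backport the fix keep the older upstream
# string, so compare those against the vendor package versions instead.

# Turn a release string such as "1.0.2d" or "1.0.1q-fips" into one integer
# so that releases can be compared with plain arithmetic.
openssl_version_key() {
    v="$1"
    num=${v%%[a-z]*}              # "1.0.2"
    rest=${v#"$num"}              # "d-fips", "d" or ""
    letter=${rest%%[!a-z]*}       # "d" (empty for a bare "1.0.2")
    maj=${num%%.*}
    rem=${num#*.}
    min=${rem%%.*}
    pat=${rem#*.}
    if [ -n "$letter" ]; then
        lcode=$(printf '%d' "'$letter")   # ASCII code, so 'd' sorts below 'e'
    else
        lcode=0
    fi
    echo $(( ((maj * 100 + min) * 100 + pat) * 1000 + lcode ))
}

# Succeeds (exit 0) when release $1 is at or above release $2.
openssl_at_least() {
    [ "$(openssl_version_key "$1")" -ge "$(openssl_version_key "$2")" ]
}

# Extract the release string from `openssl version` output,
# e.g. "OpenSSL 1.0.2d 9 Jul 2015" -> "1.0.2d".
openssl_release_from_banner() {
    set -- $1
    echo "$2"
}

# Classify a release against CVE-2015-3193 using the bulletin's fixed
# upstream version (1.0.2e). Prints "fixed", "vulnerable", or
# "other-branch" for releases outside the 1.0.2 series, for which the
# vendor list in the bulletin is the reference.
cve_2015_3193_status() {
    rel="$1"
    case "$rel" in
        1.0.2*)
            if openssl_at_least "$rel" 1.0.2e; then
                echo fixed
            else
                echo vulnerable
            fi
            ;;
        *)
            echo other-branch
            ;;
    esac
}

# Sample run on a constructed banner (no openssl binary required);
# on a live host replace the literal with "$(openssl version)".
cve_2015_3193_status "$(openssl_release_from_banner "OpenSSL 1.0.2d 9 Jul 2015")"
```

The release string is split into numeric fields plus the trailing letter, and the letter is ranked by its ASCII code, which is why 1.0.2d sorts below 1.0.2e and 1.0.2f above it. Running the script on a host and substituting the real `openssl version` output for the constructed banner gives a one-word answer that can be fed into an inventory or configuration-management report.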

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerability bulletin. The Vigil@nce vulnerability database contains several thousand vulnerabilities. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.