Bug 925378 (CVE-2015-2808)

Summary: VUL-0: CVE-2015-2808: [TRACKERBUG] RC4 (TLS/SSL) invariance weakness and recovery of plaintext LSBs from initial encrypted bytes on certain weak keys a.k.a "Bar mitzvah attack"
Product: [Novell Products] SUSE Security Incidents
Reporter: Andreas Stieger <astieger>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED WONTFIX
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: al.kammer, james.hostelley, jsegitz, khris.francisco, meissner, smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/115400/
Whiteboard: CVSSv2:SUSE:CVE-2015-2808:2.6:(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 929736, 938895
Bug Blocks:

Description Andreas Stieger 2015-04-01 09:34:22 UTC
CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not
properly combine state data with key data during the initialization phase, which
makes it easier for remote attackers to conduct plaintext-recovery attacks
against the initial bytes of a stream by sniffing network traffic that
occasionally relies on keys affected by the Invariance Weakness, and then using
a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2808
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
Comment 1 Swamp Workflow Management 2015-04-01 22:00:35 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2015-05-05 14:12:43 UTC
Research into ciphers, digest and key exchange algorithms in the TLS/SSL stack will continue to discover weaknesses and attacks.

In this case, RC4 can be considered weak and its use discouraged; however, there will be no disabling patches for existing SLE products to remove RC4 functionality. Remediation is available through configuration if loss of compatibility with RC4 is acceptable.

For new products, e.g. Apache httpd in SLE 12, the default configurations have already been adjusted to exclude RC4. Closing as WONTFIX.
Comment 3 james hostelley 2016-10-12 12:53:55 UTC
Can we upgrade OpenSSL to version 1.1.0 to fix this vulnerability within sentinel running on SLES 11 SP4?
Comment 4 Marcus Meissner 2016-10-12 13:26:37 UTC
(In reply to james hostelley from comment #3)
> Can we upgrade OpenSSL to version 1.1.0 to fix this vulnerability within
> sentinel running on SLES 11 SP4?

No.

Just use !RC4 in your ssl cipher strings for instance.
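
Added example (not part of the bug report and not SUSE code): a Python check that reads Apache `SSLCipherSuite` and nginx `ssl_ciphers` lines and reports whether the cipher string permanently excludes RC4 with `!RC4`, the remediation named in comments 2 and 4. The sample configuration lines are constructed, and the verdict labels (`excluded`, `removed`, `enabled`, `implicit`) are this example's own naming; `implicit` means the string never mentions RC4, so the outcome depends on what aliases such as `ALL` or `DEFAULT` contain in the installed OpenSSL.

```python
import re

# Apache httpd (mod_ssl) and nginx directives that carry an OpenSSL cipher string.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?);?\s*$")

def rc4_verdict(cipher_string):
    """Classify how an OpenSSL cipher string treats RC4."""
    banned = False        # "!RC4" seen: permanent, later items cannot re-add it
    state = "implicit"    # RC4 not mentioned so far
    for item in re.split(r"[:, ]+", cipher_string.strip().strip("\"'")):
        if not item or item.startswith("@"):      # skip @STRENGTH and similar
            continue
        op = item[0] if item[0] in "!-+" else ""
        name = item[len(op):]
        # True for the RC4 alias, suites like RC4-SHA, and combos like RC4+RSA
        names_rc4 = any("RC4" in part.split("-") for part in name.split("+"))
        if op == "!" and name == "RC4":
            banned = True
        elif op == "-" and name == "RC4":
            state = "removed"                     # soft removal, can be undone
        elif op == "" and names_rc4:
            state = "enabled"                     # RC4 explicitly requested
        elif op == "" and state == "removed":
            state = "implicit"                    # conservative: a later alias may re-add RC4
    return "excluded" if banned else state

def audit_config(text):
    """Return (line number, directive, verdict) for each cipher directive."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            findings.append((lineno, m.group(1), rc4_verdict(m.group(2))))
    return findings

# Constructed sample lines, not taken from any real host.
SAMPLE = """\
# constructed sample
SSLCipherSuite ALL:!aNULL:!eNULL:!RC4
SSLCipherSuite RC4-SHA:HIGH:!aNULL
ssl_ciphers HIGH:MEDIUM:!aNULL;
SSLCipherSuite ALL:-RC4:!aNULL
"""

if __name__ == "__main__":
    for lineno, directive, verdict in audit_config(SAMPLE):
        print(f"line {lineno}: {directive}: RC4 {verdict}")
```

Only the `excluded` verdict matches the `!RC4` advice; the others are worth reviewing against the cipher list the server's OpenSSL actually expands.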