Bug 925378 - (CVE-2015-2808) VUL-0: CVE-2015-2808: [TRACKERBUG] RC4 (TLS/SSL) invariance weakness and recovery of plaintext LSBs from initial encrypted bytes on certain weak keys a.k.a "Bar mitzvah attack"
Status: RESOLVED WONTFIX
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/115400/
CVSSv2:SUSE:CVE-2015-2808:2.6:(AV:N/A...
Depends on: 929736 CVE-2015-1931
Blocks:
Reported: 2015-04-01 09:34 UTC by Andreas Stieger
Modified: 2022-02-13 10:42 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2015-04-01 09:34:22 UTC
CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not
properly combine state data with key data during the initialization phase, which
makes it easier for remote attackers to conduct plaintext-recovery attacks
against the initial bytes of a stream by sniffing network traffic that
occasionally relies on keys affected by the Invariance Weakness, and then using
a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2808
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf
Comment 1 Swamp Workflow Management 2015-04-01 22:00:35 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2015-05-05 14:12:43 UTC
Research into ciphers, digests and key exchange algorithms in the TLS/SSL stack will continue to discover weaknesses and attacks.

In this case, RC4 can be considered weak and its use discouraged; however, there will be no disabling patches for existing SLE products to remove RC4 functionality. Remediation is available through configuration if loss of compatibility with RC4 is acceptable.

For new products, e.g. Apache httpd in SLE 12, the default configurations have already been adjusted to exclude RC4. Closing as WONTFIX.
Comment 3 james hostelley 2016-10-12 12:53:55 UTC
Can we upgrade OpenSSL to version 1.1.0 to fix this vulnerability within sentinel running on SLES 11 SP4?
Comment 4 Marcus Meissner 2016-10-12 13:26:37 UTC
(In reply to james hostelley from comment #3)
> Can we upgrade OpenSSL to version 1.1.0 to fix this vulnerability within
> sentinel running on SLES 11 SP4?

No.

Just use !RC4 in your ssl cipher strings for instance.
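The remediation in comment 4 depends on how OpenSSL evaluates the operators in a cipher string. The Python below is an added example, not code from the bug report or from OpenSSL: it models the operator rules from ciphers(1) over a small constructed suite table, and shows why `!RC4` removes RC4 for good while `-RC4` can be undone by a later entry.

```python
# Added example, not from the bug report or from OpenSSL: a minimal model of
# how OpenSSL applies the operators in a cipher string (see ciphers(1)).
# CIPHER_TABLE is constructed for the demonstration: suite name -> keywords.
CIPHER_TABLE = {
    "ECDHE-RSA-AES128-GCM-SHA256": {"HIGH", "AES", "ECDHE"},
    "AES128-SHA": {"HIGH", "AES"},
    "ECDHE-RSA-RC4-SHA": {"MEDIUM", "RC4", "ECDHE"},
    "RC4-SHA": {"MEDIUM", "RC4"},
    "RC4-MD5": {"MEDIUM", "RC4"},
}

def matching(keyword):
    """Suites, in table order, whose keyword set contains `keyword`."""
    return [name for name, kws in CIPHER_TABLE.items() if keyword in kws]

def evaluate(cipher_string):
    """Return the enabled suite list for a ':'-separated cipher string.

    Operator rules modelled here:
      (none)  append matching suites that are not already listed
      '-'     remove now, but a later entry may add them back
      '!'     remove and kill: they can never reappear in this list
      '+'     move matching suites to the end (lowest preference)
    """
    enabled, killed = [], set()
    for entry in cipher_string.split(":"):
        if entry[:1] in ("-", "!", "+"):
            op, keyword = entry[0], entry[1:]
        else:
            op, keyword = "", entry
        suites = matching(keyword)
        if op == "!":
            killed.update(suites)
            enabled = [s for s in enabled if s not in killed]
        elif op == "-":
            enabled = [s for s in enabled if s not in suites]
        elif op == "+":
            moved = [s for s in enabled if s in suites]
            enabled = [s for s in enabled if s not in suites] + moved
        else:
            enabled += [s for s in suites if s not in enabled and s not in killed]
    return enabled

def uses_rc4(cipher_string):
    """The audit check: does any RC4 suite survive the cipher string?"""
    return any("RC4" in CIPHER_TABLE[s] for s in evaluate(cipher_string))
```

Against a real OpenSSL build, `openssl ciphers -v '<your string>'` prints the resolved list the same way, so the same check (no suite containing RC4) can be run on the actual library.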