Bug 925378 – VUL-0: CVE-2015-2808: [TRACKERBUG] RC4 (TLS/SSL) invariance weakness and recovery of plaintext LSBs from initial encrypted bytes on certain weak keys a.k.a "Bar mitzvah attack"

Bug 925378 - (CVE-2015-2808) VUL-0: CVE-2015-2808: [TRACKERBUG] RC4 (TLS/SSL) invariance weakness and recovery of plaintext LSBs from initial encrypted bytes on certain weak keys a.k.a "Bar mitzvah attack"

(CVE-2015-2808)
Summary:	VUL-0: CVE-2015-2808: [TRACKERBUG] RC4 (TLS/SSL) invariance weakness and reco...

Status:	RESOLVED WONTFIX

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/115400/
Whiteboard:	CVSSv2:SUSE:CVE-2015-2808:2.6:(AV:N/A...
Keywords:

Depends on:	929736 CVE-2015-1931
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-04-01 09:34 UTC by Andreas Stieger
Modified:	2022-02-13 10:42 UTC (History)
CC List:	6 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-04-01 09:34:22 UTC

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not
properly combine state data with key data during the initialization phase, which
makes it easier for remote attackers to conduct plaintext-recovery attacks
against the initial bytes of a stream by sniffing network traffic that
occasionally relies on keys affected by the Invariance Weakness, and then using
a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2808
https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

Comment 1 Swamp Workflow Management 2015-04-01 22:00:35 UTC

bugbot adjusting priority

Comment 2 Andreas Stieger 2015-05-05 14:12:43 UTC

Research into ciphers, digest and key exchange algorithms in the TLS/SSL stack will continue to discover weaknesses and attacks.

In this case, RC4 can be considered weak and it's use dis-encouraged, however there will be no disabling patches for existing SLE products to remove RC4 functionality. Remediation is available through configuration if loss of compatibility with RC4 is acceptable.

For new products, e.g. Apache httpd in SLE 12 the default configurations have already been adjusted to exclude RC4. Closing as WONTFIX.

Comment 3 james hostelley 2016-10-12 12:53:55 UTC

Can we upgrade open SSL to version 1.1.0 to fix this vulnerability within sentinel running on SLES 11 SP4?

Comment 4 Marcus Meissner 2016-10-12 13:26:37 UTC

(In reply to james hostelley from comment #3)
> Can we upgrade open SSL to version 1.1.0 to fix this vulnerability within
> sentinel running on SLES 11 SP4?

No.

Just use !RC4 in your ssl cipher strings for instance.