Bugzilla – Bug 938913
VUL-1: socat: The Logjam Attack / weakdh.org
Last modified: 2016-04-27 19:17:36 UTC
+++ This bug was initially created as a clone of Bug #931600 +++ socat has ssl code that uses fixed size 512bit groups: dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((dh->p == NULL) || (dh->g == NULL)) { while (err = ERR_get_error()) { Warn1("BN_bin2bn(): %s", ERR_error_string(err, NULL)); } Error("BN_bin2bn() failed"); } else { if (SSL_CTX_set_tmp_dh(*ctx, dh) <= 0) { while (err = ERR_get_error()) { Warn3("SSL_CTX_set_tmp_dh(%p, %p): %s", *ctx, dh, ERR_error_string(err, NULL)); } Error2("SSL_CTX_set_tmp_dh(%p, %p) failed", *ctx, dh); } /*! OPENSSL_free(dh->p,g)? doc does not tell so */ } DH_free(dh);
bugbot adjusting priority
IMHO a minor issue, as this fixed 512 bit params are overriden when dhparam= cmdline is used. The 512bit fixed seems just a fallback, which only appeared in SLE12. It could just be removed to have no weak fallback when no dhparam= cmdline is given. Making VUL-1.
Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
Upstream increases the DH group size to 1024 in 281d1bd6515c2f0f8984fc168fb3d3b91c20bdc0 to comply to FIPS, then increases to 2048 in eab3c89f2dc0df0d9638941891e8ab233dfb0611 to address socat security advisory 7, MSVR-1499. The git repository is at git://repo.or.cz/socat.git.
Created attachment 664422 [details] Defend against pre-computed DH attacks. This patch increases the size of the DH group used by default to 1024 bits. As it happens, that particular DH group turned out to be weak in OpenSSL so there is yet another patch following this one that bumps the size to 2048 bits.
Created attachment 664423 [details] Defend against pre-computed DH attacks. Use 2048 bit DH group to avoid the weak default in OpenSSL. Addresses MSVR-1499 and improves resilience against logjam.
This is an autogenerated message for OBS integration: This bug (938913) was mentioned in https://build.opensuse.org/request/show/357738 13.2 / socat https://build.opensuse.org/request/show/357740 42.1 / socat
SUSE-SU-2016:0344-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 938913,964844 CVE References: CVE-2015-4000 Sources used: SUSE Linux Enterprise Server 12-SP1 (src): socat-1.7.2.4-3.1 SUSE Linux Enterprise Server 12 (src): socat-1.7.2.4-3.1 SUSE Linux Enterprise Desktop 12-SP1 (src): socat-1.7.2.4-3.1 SUSE Linux Enterprise Desktop 12 (src): socat-1.7.2.4-3.1
released
This is an autogenerated message for OBS integration: This bug (938913) was mentioned in https://build.opensuse.org/request/show/358365 13.2 / socat https://build.opensuse.org/request/show/358366 42.1 / socat
openSUSE-SU-2016:0478-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 938913,964844 CVE References: CVE-2015-4000 Sources used: openSUSE Leap 42.1 (src): socat-1.7.3.1-6.1 openSUSE 13.2 (src): socat-1.7.3.1-2.3.1
openSUSE-SU-2016:0483-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 938913,964844 CVE References: CVE-2015-4000 Sources used: openSUSE 13.1 (src): socat-1.7.3.1-2.6.1