Bug 995359 – VUL-0: CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)

Bug 995359 - (CVE-2016-2183) VUL-0: CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka triple-des (SWEET32)

(CVE-2016-2183)
Summary:	VUL-0: CVE-2016-2183: openssl: Birthday attacks on 64-bit block ciphers aka t...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2016-2183:4.3:(AV:N/A...
Keywords:

Depends on:
Blocks:	1001912
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-08-24 13:22 UTC by Marcus Meissner
Modified:	2022-02-16 21:26 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-08-24 13:22:41 UTC

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

The SWEET32 Issue, CVE-2016-2183

Posted by Rich Salz , Aug 24th, 2016 11:16 pm

Today, Karthik Bhargavan and Gaetan Leurent from Inria have unveiled a new attack on Triple-DES, SWEET32, Birthday attacks on 64-bit block ciphers in TLS and OpenVPN. It has been assigned CVE-2016-2183.

This post gives a bit of background and describes what OpenSSL is doing. For more details, see their website.

Because DES (and triple-DES) has only a 64-bit block size, birthday attacks are a real concern. With the ability to run Javascript in a browser, it is possible to send enough traffic to cause a collision, and then use that information to recover something like a session Cookie. Their experiments have been able to recover a cookie in under two days. More details are available at their website. But the take-away is this: triple-DES should now be considered as “bad” as RC4.

Triple-DES, which shows up as “DES-CBC3” in an OpenSSL cipher string, is still used on the Web, and major browsers are not yet willing to completely disable it.

If you run a server, you should disable triple-DES. This is generally a configuration issue. If you run an old server that doesn’t support any better ciphers than DES or RC4, you should upgrade.

Within the OpenSSL team, we discussed how to classify this, using our security policy, and we decided to rate it LOW. This means that we just pushed the fix into our repositories. Here is what we did:

For 1.0.2 and 1.0.1, we removed the triple-DES ciphers from the “HIGH” keyword and put them into “MEDIUM.” Note that we did not remove them from the “DEFAULT” keyword.

For the 1.1.0 release, which we expect to release tomorrow, we will treat triple-DES just like we are treating RC4. It is not compiled by default; you have to use “enable-weak-ssl-ciphers” as a config option. Even when those ciphers are compiled, triple-DES is only in the “MEDIUM” keyword. In addition, because this is a new release, we also removed it from the “DEFAULT” keyword.

When you have a large installed base, it is hard to move forward in a way that will please everyone. Leaving triple-DES in “DEFAULT” for 1.0.x and removing it from 1.1.0 is admittedly a compromise. We hope the changes above make sense, and even if you disagree and you run a server, you can explicitly protect your users through configuration.

Finally, we would like to thank Karthik and Gaeten for reaching out to us, and working closely to coordinate our releases with their disclosure.

Comment 1 Marcus Meissner 2016-08-24 14:18:52 UTC

see also https://sweet32.info/

Comment 2 Marcus Meissner 2016-08-24 14:29:22 UTC

openssl part:

commit e95f5e03f6f1f8d3f6cbe4b7fa48e57b4cf8fd60
Author: Rich Salz <rsalz@openssl.org>
Date:   Thu Aug 18 09:26:52 2016 -0400

    SWEET32 (CVE-2016-2183): Move DES from HIGH to MEDIUM
    
    Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
    Reviewed-by: Emilia Käsper <emilia@openssl.org>
    (cherry picked from commit 0fff5065884d5ac61123a604bbcee30a53c808ff)

Comment 3 Swamp Workflow Management 2016-08-24 22:00:34 UTC

bugbot adjusting priority

Comment 7 Bernhard Wiedemann 2016-09-23 12:02:50 UTC

This is an autogenerated message for OBS integration:
This bug (995359) was mentioned in
https://build.opensuse.org/request/show/429766 Factory / openssl

Comment 9 Bernhard Wiedemann 2016-09-23 16:02:08 UTC

This is an autogenerated message for OBS integration:
This bug (995359) was mentioned in
https://build.opensuse.org/request/show/429845 13.2 / openssl

Comment 11 Swamp Workflow Management 2016-09-26 17:12:06 UTC

SUSE-SU-2016:2387-1: An update that solves 11 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 979475,982575,982745,983249,988591,990419,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    openssl-1.0.1i-27.21.1
SUSE Linux Enterprise Server 12-LTSS (src):    openssl-1.0.1i-27.21.1

Comment 12 Bernhard Wiedemann 2016-09-27 08:01:47 UTC

This is an autogenerated message for OBS integration:
This bug (995359) was mentioned in
https://build.opensuse.org/request/show/430498 Factory / openssl

Comment 13 Swamp Workflow Management 2016-09-27 09:10:48 UTC

openSUSE-SU-2016:2391-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 979475,982575,983249,988591,990419,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
openSUSE 13.2 (src):    openssl-1.0.1k-2.39.1

Comment 16 Swamp Workflow Management 2016-09-27 17:13:24 UTC

SUSE-SU-2016:2394-1: An update that solves 11 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 979475,982575,982745,983249,988591,990419,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    openssl-1.0.1i-52.1
SUSE Linux Enterprise Server 12-SP1 (src):    openssl-1.0.1i-52.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    openssl-1.0.1i-52.1

Comment 19 Swamp Workflow Management 2016-09-28 10:12:37 UTC

openSUSE-SU-2016:2407-1: An update that solves 11 vulnerabilities and has 6 fixes is now available.

Category: security (important)
Bug References: 979475,982575,982745,983249,988591,990419,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
openSUSE Leap 42.1 (src):    openssl-1.0.1i-18.1

Comment 20 Swamp Workflow Management 2016-09-28 15:13:33 UTC

An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-10-05.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63071

Comment 22 Swamp Workflow Management 2016-10-05 16:11:17 UTC

SUSE-SU-2016:2458-1: An update that solves 10 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 979475,982575,983249,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
SUSE Studio Onsite 1.3 (src):    openssl-0.9.8j-0.102.2
SUSE OpenStack Cloud 5 (src):    openssl-0.9.8j-0.102.2
SUSE Manager Proxy 2.1 (src):    openssl-0.9.8j-0.102.2
SUSE Manager 2.1 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Server 11-SP4 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openssl-0.9.8j-0.102.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    openssl-0.9.8j-0.102.2

Comment 23 Swamp Workflow Management 2016-10-06 18:10:46 UTC

SUSE-SU-2016:2468-1: An update that solves 10 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 979475,982575,983249,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    compat-openssl098-0.9.8j-102.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    compat-openssl098-0.9.8j-102.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    compat-openssl098-0.9.8j-102.1

Comment 24 Swamp Workflow Management 2016-10-06 18:13:25 UTC

SUSE-SU-2016:2469-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 979475,982575,982745,983249,990419,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
SUSE Linux Enterprise Server 11-SECURITY (src):    openssl1-1.0.1g-0.52.1

Comment 25 Marcus Meissner 2016-10-11 15:11:56 UTC

all released

Comment 26 Swamp Workflow Management 2016-10-14 13:10:44 UTC

openSUSE-SU-2016:2537-1: An update that solves 10 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 979475,982575,983249,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306
Sources used:
openSUSE Leap 42.1 (src):    compat-openssl098-0.9.8j-15.1

Comment 27 Swamp Workflow Management 2016-10-14 18:09:12 UTC

SUSE-SU-2016:2545-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 982575,993819,995359,995377,999665,999668
CVE References: CVE-2016-2177,CVE-2016-2182,CVE-2016-2183,CVE-2016-6303,CVE-2016-6306
Sources used:
SUSE Linux Enterprise Server for SAP 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.47.1
SUSE Linux Enterprise Server for SAP 11-SP3 (src):    compat-openssl097g-0.9.7g-146.22.47.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    compat-openssl097g-0.9.7g-146.22.47.1

Comment 29 Swamp Workflow Management 2018-02-16 11:11:40 UTC

openSUSE-SU-2018:0458-1: An update that solves 16 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1001148,1009528,1019334,1022085,1022086,1022271,982268,982575,983249,984323,990207,990392,990419,990428,991193,991877,992120,993819,994749,994844,995075,995324,995359,995377,998190,999665,999666,999668
CVE References: CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-7056,CVE-2017-3731,CVE-2017-3732
Sources used:
openSUSE Leap 42.3 (src):    openssl-steam-1.0.2k-4.3.1

Comment 31 Swamp Workflow Management 2022-02-16 21:26:19 UTC

SUSE-FU-2022:0445-1: An update that solves 183 vulnerabilities, contains 21 features and has 299 fixes is now available.

Category: feature (moderate)
Bug References: 1000080,1000117,1000194,1000677,1000742,1001148,1001912,1002585,1002895,1003091,1005246,1009528,1010874,1010966,1011936,1015549,1019637,1021641,1022085,1022086,1022271,1027079,1027610,1027688,1027705,1027908,1028281,1028723,1029523,1029902,1030038,1032118,1032119,1035604,1039469,1040164,1040256,1041090,1042392,1042670,1044095,1044107,1044175,1049186,1049304,1050653,1050665,1055478,1055542,1055825,1056058,1056951,1057496,1062237,1065363,1066242,1066873,1068790,1070737,1070738,1070853,1071905,1071906,1071941,1073310,1073845,1073879,1074247,1076519,1077096,1077230,1078329,1079761,1080301,1081005,1081750,1081751,1082155,1082163,1082318,1083826,1084117,1084157,1085276,1085529,1085661,1087102,1087104,1088573,1089039,1090427,1090765,1090953,1093518,1093917,1094788,1094814,1094883,1095267,1096738,1096937,1097158,1097531,1097624,1098535,1098592,1099308,1099569,1100078,1101246,1101470,1102868,1104789,1106197,1108508,1109882,1109998,1110435,1110869,1110871,1111493,1111622,1111657,1112209,1112357,1113534,1113652,1113742,1113975,1115769,1117951,1118611,1119376,1119416,1119792,1121717,1121852,1122191,1123064,1123185,1123186,1123558,1124885,1125815,1126283,1126318,1127080,1127173,1128146,1128323,1128355,1129071,1129566,1130840,1131291,1132174,1132323,1132455,1132663,1132900,1135009,1136444,1138666,1138715,1138746,1139915,1140255,1141168,1142899,1143033,1143454,1143893,1144506,1149686,1149792,1150003,1150190,1150250,1150895,1153830,1155815,1156677,1156694,1156908,1157104,1157354,1158809,1159235,1159538,1160163,1161557,1161770,1162224,1162367,1162743,1163978,1164310,1165439,1165578,1165730,1165823,1165960,1166139,1166758,1167008,1167501,1167732,1167746,1168480,1168973,1169489,1170175,1170863,1171368,1171561,1172226,1172908,1172928,1173226,1173356,1174009,1174091,1174514,1175729,1176116,1176129,1176134,1176232,1176256,1176257,1176258,1176259,1176262,1176389,1176785,1176977,1177120,1177127,1177559,1178168,1178341,1178670,1179491,1179562,1179630,1179805,1180125,1180781,1181126,1181324,1181944,1182066,1182211,1182244,1182264,1182331,1182333,1182379,1182963,1183059,1183374,1183858,1184505,1185588,1185706,1185748,1186738,1187045,1189521,1190781,1193357,356549,381844,394317,408865,428177,430141,431945,437293,442740,459468,489641,504687,509031,526319,590833,610223,610642,629905,637176,651003,657698,658604,670526,673071,693027,715423,720601,743787,747125,748738,749210,749213,749735,750618,751718,751946,751977,754447,754677,761500,774710,784670,784994,787526,793420,799119,802184,803004,809831,811890,822642,825221,828513,831629,832833,834601,835687,839107,84331,849377,855666,855676,856687,857203,857850,858239,867887,869945,871152,872299,873351,876282,876710,876712,876748,880891,885662,885882,889013,889363,892477,892480,895129,898917,901223,901277,901902,902364,906878,907584,908362,908372,912014,912015,912018,912292,912293,912294,912296,912460,913229,915479,917607,917759,917815,919648,920236,922448,922488,922496,922499,922500,926597,929678,929736,930189,931698,931978,933898,933911,934487,934489,934491,934493,935856,937085,937212,937492,937634,937912,939456,940608,942385,942751,943421,944204,945455,946648,947104,947357,947679,948198,952871,954256,954486,954690,957812,957813,957815,958501,961334,962291,963415,963974,964204,964472,964474,965830,967128,968046,968047,968048,968050,968265,968270,968374,968601,975875,976942,977584,977614,977615,977616,977663,978224,981848,982268,982575,983249,984323,985054,988086,990207,990392,990419,990428,991193,991877,992120,992988,992989,992992,993130,993819,993825,993968,994749,994844,994910,995075,995324,995359,995377,995959,996255,997043,997614,998190,999665,999666,999668
CVE References: CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-7250,CVE-2007-3108,CVE-2007-4995,CVE-2007-5135,CVE-2008-0891,CVE-2008-1672,CVE-2008-5077,CVE-2009-0590,CVE-2009-0591,CVE-2009-0789,CVE-2009-1377,CVE-2009-1378,CVE-2009-1379,CVE-2009-1386,CVE-2009-1387,CVE-2010-0740,CVE-2010-0742,CVE-2010-1633,CVE-2010-2939,CVE-2010-3864,CVE-2010-5298,CVE-2011-0014,CVE-2011-3207,CVE-2011-3210,CVE-2011-3389,CVE-2011-4108,CVE-2011-4576,CVE-2011-4577,CVE-2011-4619,CVE-2011-4944,CVE-2012-0027,CVE-2012-0050,CVE-2012-0845,CVE-2012-0884,CVE-2012-1150,CVE-2012-1165,CVE-2012-2110,CVE-2012-2686,CVE-2012-4929,CVE-2013-0166,CVE-2013-0169,CVE-2013-1752,CVE-2013-4238,CVE-2013-4314,CVE-2013-4353,CVE-2013-6449,CVE-2013-6450,CVE-2014-0012,CVE-2014-0076,CVE-2014-0160,CVE-2014-0195,CVE-2014-0198,CVE-2014-0221,CVE-2014-0224,CVE-2014-1829,CVE-2014-1830,CVE-2014-2667,CVE-2014-3470,CVE-2014-3505,CVE-2014-3506,CVE-2014-3507,CVE-2014-3508,CVE-2014-3509,CVE-2014-3510,CVE-2014-3511,CVE-2014-3512,CVE-2014-3513,CVE-2014-3566,CVE-2014-3567,CVE-2014-3568,CVE-2014-3570,CVE-2014-3571,CVE-2014-3572,CVE-2014-4650,CVE-2014-5139,CVE-2014-7202,CVE-2014-7203,CVE-2014-8275,CVE-2014-9721,CVE-2015-0204,CVE-2015-0205,CVE-2015-0206,CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2015-1788,CVE-2015-1789,CVE-2015-1790,CVE-2015-1791,CVE-2015-1792,CVE-2015-2296,CVE-2015-3194,CVE-2015-3195,CVE-2015-3196,CVE-2015-3197,CVE-2015-3216,CVE-2015-4000,CVE-2016-0702,CVE-2016-0705,CVE-2016-0797,CVE-2016-0798,CVE-2016-0799,CVE-2016-0800,CVE-2016-10745,CVE-2016-2105,CVE-2016-2106,CVE-2016-2107,CVE-2016-2109,CVE-2016-2176,CVE-2016-2177,CVE-2016-2178,CVE-2016-2179,CVE-2016-2180,CVE-2016-2181,CVE-2016-2182,CVE-2016-2183,CVE-2016-6302,CVE-2016-6303,CVE-2016-6304,CVE-2016-6306,CVE-2016-7052,CVE-2016-7055,CVE-2016-9015,CVE-2017-18342,CVE-2017-3731,CVE-2017-3732,CVE-2017-3735,CVE-2017-3736,CVE-2017-3737,CVE-2017-3738,CVE-2018-0732,CVE-2018-0734,CVE-2018-0737,CVE-2018-0739,CVE-2018-18074,CVE-2018-20060,CVE-2018-5407,CVE-2018-7750,CVE-2019-10906,CVE-2019-11236,CVE-2019-11324,CVE-2019-13132,CVE-2019-1547,CVE-2019-1551,CVE-2019-1559,CVE-2019-1563,CVE-2019-20907,CVE-2019-20916,CVE-2019-5010,CVE-2019-6250,CVE-2019-8341,CVE-2019-9740,CVE-2019-9947,CVE-2020-14343,CVE-2020-15166,CVE-2020-15523,CVE-2020-15801,CVE-2020-1747,CVE-2020-1971,CVE-2020-25659,CVE-2020-26137,CVE-2020-27783,CVE-2020-28493,CVE-2020-29651,CVE-2020-36242,CVE-2020-8492,CVE-2021-23336,CVE-2021-23840,CVE-2021-23841,CVE-2021-28957,CVE-2021-29921,CVE-2021-3177,CVE-2021-33503,CVE-2021-3426,CVE-2021-3712
JIRA References: ECO-3105,SLE-11435,SLE-12684,SLE-12986,SLE-13688,SLE-14253,SLE-15159,SLE-15860,SLE-15861,SLE-16754,SLE-17532,SLE-17957,SLE-18260,SLE-18354,SLE-18446,SLE-19264,SLE-3887,SLE-4480,SLE-4577,SLE-7686,SLE-9135
Sources used:
SUSE Manager Tools 12-BETA (src):    venv-salt-minion-3002.2-3.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.