CVE-2015-7744

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html Mailing List Third Party Advisory
http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html Release Notes Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Vendor Advisory
http://www.securitytracker.com/id/1034708 Broken Link Third Party Advisory VDB Entry
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf Exploit Third Party Advisory
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ Exploit Third Party Advisory
https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html Mailing List Third Party Advisory
http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html Release Notes Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Vendor Advisory
http://www.securitytracker.com/id/1034708 Broken Link Third Party Advisory VDB Entry
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf Exploit Third Party Advisory
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ Exploit Third Party Advisory
https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:37

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html - Mailing List, Third Party Advisory
References () http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html - Release Notes, Vendor Advisory () http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html - Release Notes, Vendor Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - Vendor Advisory () http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - Vendor Advisory
References () http://www.securitytracker.com/id/1034708 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1034708 - Broken Link, Third Party Advisory, VDB Entry
References () https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf - Exploit, Third Party Advisory () https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf - Exploit, Third Party Advisory
References () https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ - Exploit, Third Party Advisory () https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/ - Exploit, Third Party Advisory
References () https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html - Vendor Advisory () https://wolfssl.com/wolfSSL/Blog/Entries/2015/9/17_Two_Vulnerabilities_Recently_Found%2C_An_Attack_on_RSA_using_CRT_and_DoS_Vulnerability_With_DTLS.html - Vendor Advisory

Information

Published : 2016-01-22 15:59

Updated : 2024-11-21 02:37


NVD link : CVE-2015-7744

Mitre link : CVE-2015-7744

CVE.ORG link : CVE-2015-7744


JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

wolfssl

  • wolfssl

mariadb

  • mariadb