CVE-2016-6129: Input Validation
First published: Sun Aug 28 2016(Updated: )
It has been reported that libtomcrypt may be vulnerable to a Bleichenbacher attack due to a vulnerability in rsa_verify_hash.c CERT has provided the details from Intel Security Advanced Threat Research team. ---------------------------------------------------------------------- Bleichenbacher signature forgery attack in OP-TEE Background The implementation for RSA signature verification of PKCS 1 v1.5 in the Open Portable Trusted Execution Environment (<a href="https://github.com/OP-TEE/optee_os">https://github.com/OP-TEE/optee_os</a>) appears to be vulnerable to a Bleichenbacher signature forgery attack. The vulnerability may result in RSA signature or public certificate forgery when a low public exponent (for example, e = 3) is used. Vulnerability The function rsa_verify_hash_ex (<a href="https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c">https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c</a>) does not check the number of remaining bytes in the decrypted message after ASN.1 encoded data. The function decodes the ASN.1 message and checks that it has the correct structure and values (OID and hash). This permits additional data after the ASN.1 message that can be used to forge a PKCS1 v1.5 signature for keys with a low public exponent. The original variant of the attack is described here: <a href="https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html">https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html</a> ----------------------------------------------------------------------
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Op-tee Op-tee Os | <=2.1.0 | |
| Libtom Libtomcrypt | <=1.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/OP-TEE/optee_os
- https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
- https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1370956
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1370957
- https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
- https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
- https://bugzilla.redhat.com/show_bug.cgi?id=1370955
- https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
- https://www.op-tee.org/advisories/
- collector/nvd-index
- agent/type
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6129
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/trending
- vendor/op-tee
- canonical/op-tee op-tee os
- version/op-tee op-tee os/2.1.0
- vendor/libtom
- canonical/libtom libtomcrypt
- version/libtom libtomcrypt/1.17