CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
First published: Tue Sep 10 2019(Updated: )
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Credit: openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-apr | <0:1.6.3-86.jbcs.el6 | 0:1.6.3-86.jbcs.el6 |
| redhat/jbcs-httpd24-brotli | <0:1.0.6-21.jbcs.el6 | 0:1.0.6-21.jbcs.el6 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-52.jbcs.el6 | 0:2.4.37-52.jbcs.el6 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1c-16.jbcs.el6 | 1:1.1.1c-16.jbcs.el6 |
| redhat/jbcs-httpd24-apr | <0:1.6.3-86.jbcs.el7 | 0:1.6.3-86.jbcs.el7 |
| redhat/jbcs-httpd24-brotli | <0:1.0.6-21.jbcs.el7 | 0:1.0.6-21.jbcs.el7 |
| redhat/jbcs-httpd24-httpd | <0:2.4.37-52.jbcs.el7 | 0:2.4.37-52.jbcs.el7 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1c-16.jbcs.el7 | 1:1.1.1c-16.jbcs.el7 |
| redhat/openssl | <1:1.1.1c-15.el8 | 1:1.1.1c-15.el8 |
| OpenSSL OpenSSL | >=1.0.2<=1.0.2s | |
| OpenSSL OpenSSL | >=1.1.0<=1.1.0k | |
| OpenSSL OpenSSL | >=1.1.1<=1.1.1c | |
| IBM Security Verify Governance | <=10.0 | |
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2 |
Remedy
This attack is carried out by sending a large number of messages to be decrypted by the victim. The attacker needs to receive a response from the victim if the decryption was successful or not. Therefore only if the user application compiled with openssl is designed above way, the attack will be viable. Only CMS_decrypt and PKCS7_decrypt functions are affected. Applications compiled with openssl are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-1563 https://nvd.nist.gov/vuln/detail/CVE-2019-1563
- https://bugzilla.redhat.com/show_bug.cgi?id=1752100
- https://access.redhat.com/errata/RHSA-2020:1337
- https://access.redhat.com/errata/RHSA-2020:1840
- https://access.redhat.com/errata/RHSA-2020:1336
- https://access.redhat.com/security/cve/cve-2019-1563
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html
- http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
- https://seclists.org/bugtraq/2019/Oct/0
- https://seclists.org/bugtraq/2019/Oct/1
- https://seclists.org/bugtraq/2019/Sep/25
- https://security.gentoo.org/glsa/201911-04
- https://security.netapp.com/advisory/ntap-20190919-0002/
- https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4376-1/
- https://usn.ubuntu.com/4376-2/
- https://usn.ubuntu.com/4504-1/
- https://www.debian.org/security/2019/dsa-4539
- https://www.debian.org/security/2019/dsa-4540
- https://www.openssl.org/news/secadv/20190910.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.tenable.com/security/tns-2019-09
- https://support.f5.com/csp/article/K97324400?utm_source=f5support&amp;utm_medium=RSS
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://launchpad.net/bugs/cve/CVE-2019-1563
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1752101
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1752103
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1752102
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/security/cve/CVE-2019-1547
- https://access.redhat.com/security/cve/CVE-2019-1549
- https://access.redhat.com/security/cve/CVE-2019-1551
- https://access.redhat.com/security/cve/CVE-2019-1563
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1752100#c11
- https://access.redhat.com/support/cases/#/case/02620079
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=08229ad838c50f644d7e928e2eef147b4308ad64
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=631f94db0065c78181ca9ba5546ebc8bb3884b97
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
- https://support.f5.com/csp/article/K97324400?utm_source=f5support&%3Butm_medium=RSS
- https://exchange.xforce.ibmcloud.com/vulnerabilities/167022
- https://www.ibm.com/support/pages/node/7057377 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2019-1563
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563
- https://nvd.nist.gov/vuln/detail/CVE-2019-1563
- https://ubuntu.com/security/CVE-2019-1563
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2019-1563?
CVE-2019-1563 is a vulnerability in OpenSSL that could allow a remote attacker to obtain sensitive information caused by a padding oracle attack.
What is the severity of CVE-2019-1563?
The severity of CVE-2019-1563 is medium, with a severity value of 3.7.
Which software packages are affected by CVE-2019-1563?
The following packages are affected by CVE-2019-1563: jbcs-httpd24-apr, jbcs-httpd24-brotli, jbcs-httpd24-httpd, and jbcs-httpd24-openssl.
How can I fix CVE-2019-1563?
To fix CVE-2019-1563, update the affected software packages to the recommended versions: jbcs-httpd24-apr 0:1.6.3-86.jbcs.el6, jbcs-httpd24-brotli 0:1.0.6-21.jbcs.el6, jbcs-httpd24-httpd 0:2.4.37-52.jbcs.el6, and jbcs-httpd24-openssl 1:1.1.1c-16.jbcs.el6.
Where can I find more information about CVE-2019-1563?
You can find more information about CVE-2019-1563 at the following references: [link1], [link2], [link3].
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-1563
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/references
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2
- version/openssl openssl/1.0.2s
- version/openssl openssl/1.1.0
- version/openssl openssl/1.1.0k
- version/openssl openssl/1.1.1
- version/openssl openssl/1.1.1c
- vendor/ibm
- canonical/ibm security verify governance
- version/ibm security verify governance/10.0
- package-manager/debian