REDHAT-BUG-1370955
First published: Sun Aug 28 2016(Updated: )
It has been reported that libtomcrypt may be vulnerable to a Bleichenbacher attack due to a vulnerability in rsa_verify_hash.c CERT has provided the details from Intel Security Advanced Threat Research team. ---------------------------------------------------------------------- Bleichenbacher signature forgery attack in OP-TEE Background The implementation for RSA signature verification of PKCS 1 v1.5 in the Open Portable Trusted Execution Environment (<a href="https://github.com/OP-TEE/optee_os">https://github.com/OP-TEE/optee_os</a>) appears to be vulnerable to a Bleichenbacher signature forgery attack. The vulnerability may result in RSA signature or public certificate forgery when a low public exponent (for example, e = 3) is used. Vulnerability The function rsa_verify_hash_ex (<a href="https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c">https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c</a>) does not check the number of remaining bytes in the decrypted message after ASN.1 encoded data. The function decodes the ASN.1 message and checks that it has the correct structure and values (OID and hash). This permits additional data after the ASN.1 message that can be used to forge a PKCS1 v1.5 signature for keys with a low public exponent. The original variant of the attack is described here: <a href="https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html">https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html</a> ----------------------------------------------------------------------
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libmcrypt | ||
| OP-TEE |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/OP-TEE/optee_os
- https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
- https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1370956
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1370957
- https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
- https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
- https://bugzilla.redhat.com/show_bug.cgi?id=1370955
Frequently Asked Questions
What is the severity of REDHAT-BUG-1370955?
The severity of REDHAT-BUG-1370955 is considered high due to its potential impact on the cryptographic validation process.
How do I fix REDHAT-BUG-1370955?
To fix REDHAT-BUG-1370955, you should apply the latest updates provided by Libtom or OP-TEE that address this vulnerability.
What systems are affected by REDHAT-BUG-1370955?
REDAHT-BUG-1370955 affects Libtomcrypt and OP-TEE OS implementations that utilize the vulnerable rsa_verify_hash.c file.
What type of attack does REDHAT-BUG-1370955 expose systems to?
REDAHT-BUG-1370955 exposes systems to a Bleichenbacher attack which could allow an attacker to exploit weaknesses in RSA signature verification.
Who reported REDHAT-BUG-1370955?
REDAHT-BUG-1370955 was reported by the Intel Security Advanced Threat Research team, highlighting concerns in the cryptographic library implementation.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6129
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/libtom
- canonical/libmcrypt
- vendor/op-tee
- canonical/op-tee