CVE-2007-3108 wrong Montgomery multiplication might cause information leakage

Related Vulnerabilities: CVE-2007-3108   CVE-2007-4995  

Debian Bug report logs - #438142


Reported by: Nico Golde <nion@debian.org>

Date: Wed, 15 Aug 2007 15:57:08 UTC

Severity: important

Tags: security

Found in versions openssl/0.9.8e-5, openssl/0.9.8c-4, 0.9.7e-3sarge4

Fixed in versions 0.9.8e-6, openssl/0.9.8c-4etch4

Done: Kurt Roeckx <kurt@roeckx.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#438142; Package openssl.


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-3108 wrong Montgomery multiplication might cause information leakage
Date: Wed, 15 Aug 2007 17:56:51 +0200
Package: openssl
Version: 0.9.8e-5
Severity: important
Tags: security

Hi,
CVE-2007-3108[0]:
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
earlier does not properly perform Montgomery multiplication, which might allow
local users to conduct a side-channel attack and retrieve RSA private keys.

Openssl seems to be vulnerable in (oldstable), stable, testing and unstable.
I couldn't find any note about a fix for this in the changelogs.

If you fix this issue please include the CVE id in the changelog.
You can find patches for the 0.9.8 versions on:
http://www.securityfocus.com/bid/25163/solution

Kind regards
Nico
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
-- 
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#438142; Package openssl.


Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.


Message #10 received at 438142@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Nico Golde <nion@debian.org>, 438142@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#438142: CVE-2007-3108 wrong Montgomery multiplication might cause information leakage
Date: Wed, 15 Aug 2007 19:46:34 +0200
On Wed, Aug 15, 2007 at 05:56:51PM +0200, Nico Golde wrote:
> Package: openssl
> Version: 0.9.8e-5
> Severity: important
> Tags: security
> 
> Hi,
> CVE-2007-3108[0]:
> The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and
> earlier does not properly perform Montgomery multiplication, which might allow
> local users to conduct a side-channel attack and retrieve RSA private keys.
> 
> Openssl seems to be vulnerable in (oldstable), stable, testing and unstable.
> I couldn't find any note about a fix for this in the changelogs.
> 
> If you fix this issue please include the CVE id in the changelog.
> You can find patches for the 0.9.8 versions on:
> http://www.securityfocus.com/bid/25163/solution

So, this was all a bit confusing.  What I get is:

For HEAD the fixes are:
http://cvs.openssl.org/chngview?cn=16275
http://cvs.openssl.org/chngview?cn=16282
http://cvs.openssl.org/chngview?cn=16306

For 0.9.8e you need:
http://openssl.org/news/patch-CVE-2007-3108.txt

Which is a combination of:
http://cvs.openssl.org/chngview?cn=16277
http://cvs.openssl.org/chngview?cn=16308

(The assembler versions don't exist in 0.9.8e)


Kurt




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#438142; Package openssl.


Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>.


Message #15 received at 438142@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: Nico Golde <nion@debian.org>, 438142@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#438142: Bug#438142: CVE-2007-3108 wrong Montgomery multiplication might cause information leakage
Date: Wed, 15 Aug 2007 20:12:02 +0200
On Wed, Aug 15, 2007 at 07:46:34PM +0200, Kurt Roeckx wrote:
> 
> For HEAD the fixes are:
> http://cvs.openssl.org/chngview?cn=16275
> http://cvs.openssl.org/chngview?cn=16282
> http://cvs.openssl.org/chngview?cn=16306
> 
> For 0.9.8e you need:
> http://openssl.org/news/patch-CVE-2007-3108.txt
> 
> Which is a combination of:
> http://cvs.openssl.org/chngview?cn=16277
> http://cvs.openssl.org/chngview?cn=16308

If you only applied the first of those, make test fails (as expected)
with:
wap-wsg-idm-ecid-wtls9:  failed

ECDSA test failed
3366:error:0307706E:bignum routines:BN_mod_lshift_quick:input not reduced:bn_mod.c:273:
make[2]: *** [test_ecdsa] Error 1


All openssl 0.9.8 packages in Debian run the testsuite during build and
fail on this if you got the wrong patch.  The 0.9.7 versions don't and
will fail silently.


Kurt
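
The CVE description in message #5 and the "input not reduced" test failure in message #15 both concern the final step of Montgomery reduction. The following is an added illustration in Python, not OpenSSL's bn_mont.c and not a reproduction of the patched defect: it shows a word-by-word REDC whose final correction is either a data-dependent branch or a borrow-driven mask, plus the [0, m) range check that a "not reduced" precondition enforces. Python big integers give no timing guarantees; the point is the structure of the algorithm, and every modulus and operand below is constructed for the example.

```python
W = 64                                   # word size in bits, like a 64-bit BN_ULONG

def mont_params(m):
    """Limb count n, R = 2^(W*n) and n0 = -m^-1 mod 2^W for an odd modulus m."""
    assert m % 2 == 1
    n = (m.bit_length() + W - 1) // W
    n0 = (-pow(m, -1, 1 << W)) % (1 << W)
    return n, 1 << (W * n), n0

def _reduce_words(T, m, n, n0):
    """Word-by-word REDC core: returns T * R^-1 mod m, only reduced to [0, 2m)."""
    assert 0 <= T < (m << (W * n))       # precondition: T < m * R
    wmask = (1 << W) - 1
    for i in range(n):
        u = (((T >> (W * i)) & wmask) * n0) & wmask  # multiple of m that zeroes limb i
        T += (u * m) << (W * i)
    return T >> (W * n)                  # low n limbs are now zero: divide by R

def redc_branchy(T, m, n, n0):
    """Final correction with a data-dependent branch: whether the subtraction runs
    depends on a secret-derived value, which is what a side channel can observe."""
    t = _reduce_words(T, m, n, n0)
    if t >= m:
        t -= m
    return t

def redc_branchfree(T, m, n, n0):
    """Same result, but the subtraction always runs and the borrow bit of a
    fixed-width subtract selects the answer through a mask, not a branch."""
    t = _reduce_words(T, m, n, n0)
    diff = t - m
    borrow = (diff >> (W * n)) & 1       # 1 iff t < m (sign bit of the wide subtract)
    mask = -borrow                       # all ones on borrow, zero otherwise
    return (t & mask) | (diff & ~mask)   # keep t on borrow, else keep t - m

def mont_mul(a, b, m, n, n0, redc=redc_branchfree):
    """Product of two Montgomery-form operands; the result stays in Montgomery form."""
    return redc(a * b, m, n, n0)

def is_reduced(x, m):
    """The [0, m) precondition that an 'input not reduced' check enforces on callers."""
    return 0 <= x < m
```

Converting an operand into Montgomery form is `a * R % m`; `mont_mul` on two such values yields `a * b * R % m`, and one more reduction recovers `a * b % m`.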




Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #20 received at 438142-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 438142-close@bugs.debian.org
Subject: Bug#438142: fixed in openssl 0.9.8e-6
Date: Wed, 15 Aug 2007 18:17:10 +0000
Source: openssl
Source-Version: 0.9.8e-6

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8e-6_amd64.udeb
  to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8e-6_amd64.udeb
libssl-dev_0.9.8e-6_amd64.deb
  to pool/main/o/openssl/libssl-dev_0.9.8e-6_amd64.deb
libssl0.9.8-dbg_0.9.8e-6_amd64.deb
  to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8e-6_amd64.deb
libssl0.9.8_0.9.8e-6_amd64.deb
  to pool/main/o/openssl/libssl0.9.8_0.9.8e-6_amd64.deb
openssl_0.9.8e-6.diff.gz
  to pool/main/o/openssl/openssl_0.9.8e-6.diff.gz
openssl_0.9.8e-6.dsc
  to pool/main/o/openssl/openssl_0.9.8e-6.dsc
openssl_0.9.8e-6_amd64.deb
  to pool/main/o/openssl/openssl_0.9.8e-6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 438142@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Wed, 15 Aug 2007 19:49:54 +0200
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source amd64
Version: 0.9.8e-6
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypto
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 438142
Changes: 
 openssl (0.9.8e-6) unstable; urgency=high
 .
   * Add fix for CVE-2007-3108 (Closes: #438142)
Files: 
Package-Type: udeb





Bug marked as found in version 0.9.8c-4. Request was from Touko Korpela <tkorpela@phnet.fi> to control@bugs.debian.org. (Wed, 15 Aug 2007 23:21:02 GMT)


Bug marked as found in version 0.9.7e-3sarge4. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Wed, 15 Aug 2007 23:48:01 GMT)


Bug 438142 cloned as bug 438180. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Wed, 15 Aug 2007 23:48:02 GMT)


Bug 438142 cloned as bug 438181. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Wed, 15 Aug 2007 23:48:03 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 20 Sep 2007 07:27:43 GMT)


Bug unarchived. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sun, 06 Apr 2008 14:57:18 GMT)


Reply sent to Kurt Roeckx <kurt@roeckx.be>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Message #37 received at 438142-close@bugs.debian.org:

From: Kurt Roeckx <kurt@roeckx.be>
To: 438142-close@bugs.debian.org
Subject: Bug#438142: fixed in openssl 0.9.8c-4etch4
Date: Sat, 12 Apr 2008 07:52:39 +0000
Source: openssl
Source-Version: 0.9.8c-4etch4

We believe that the bug you reported is fixed in the latest version of
openssl, which is due to be installed in the Debian FTP archive:

libcrypto0.9.8-udeb_0.9.8c-4etch4_amd64.udeb
  to pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_amd64.udeb
libssl-dev_0.9.8c-4etch4_amd64.deb
  to pool/main/o/openssl/libssl-dev_0.9.8c-4etch4_amd64.deb
libssl0.9.8-dbg_0.9.8c-4etch4_amd64.deb
  to pool/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_amd64.deb
libssl0.9.8_0.9.8c-4etch4_amd64.deb
  to pool/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_amd64.deb
openssl_0.9.8c-4etch4.diff.gz
  to pool/main/o/openssl/openssl_0.9.8c-4etch4.diff.gz
openssl_0.9.8c-4etch4.dsc
  to pool/main/o/openssl/openssl_0.9.8c-4etch4.dsc
openssl_0.9.8c-4etch4_amd64.deb
  to pool/main/o/openssl/openssl_0.9.8c-4etch4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 438142@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <kurt@roeckx.be> (supplier of updated openssl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.7
Date: Sun, 06 Apr 2008 16:31:28 +0200
Source: openssl
Binary: libssl-dev openssl libssl0.9.8-dbg libcrypto0.9.8-udeb libssl0.9.8
Architecture: source amd64
Version: 0.9.8c-4etch4
Distribution: proposed-updates
Urgency: low
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Changed-By: Kurt Roeckx <kurt@roeckx.be>
Description: 
 libcrypto0.9.8-udeb - crypto shared library - udeb (udeb)
 libssl-dev - SSL development libraries, header files and documentation
 libssl0.9.8 - SSL shared libraries
 libssl0.9.8-dbg - Symbol tables for libssl and libcrypt
 openssl    - Secure Socket Layer (SSL) binary and related cryptographic tools
Closes: 438142
Changes: 
 openssl (0.9.8c-4etch4) proposed-updates; urgency=low
 .
   * Apply patch from SuSe for CVE-2007-4995.  This should also
     get DTLS in a working state.
   * Fix CVE-2007-3108 wrong Montgomery multiplication.  This was
     also included in the patch from SuSe.  (Closes: #438142)
Files: 
Package-Type: udeb






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 May 2008 07:48:53 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:07:53 2019; Machine Name: beach
