[arch-security] [ASA-201507-20] crypto++: private key recovery

Levente Polyak anthraxx at archlinux.org
Fri Jul 24 14:02:19 UTC 2015


Arch Linux Security Advisory ASA-201507-20
==========================================

Severity: Medium
Date    : 2015-07-24
CVE-ID  : CVE-2015-2141
Package : crypto++
Type    : private key recovery
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package crypto++ before version 5.6.2-3 is vulnerable to private key
recovery via a timing side-channel attack.

Resolution
==========

Upgrade to 5.6.2-3.

# pacman -Syu "crypto++>=5.6.2-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

Evgeny Sidorov discovered that it is possible to recover the private key
when using Rabin-Williams signatures, due to a bad interaction with the
blinding value used to mask private key operations. The random blinding
value did not meet certain Jacobi-symbol requirements, so the blinding
failed to mask the private key operation and remote attackers could obtain
private keys via a timing attack.
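
The Jacobi-symbol point above can be checked numerically. The following is an added audit example, not code from the advisory or from crypto++: it shows that a blinding factor of the form r^2 mod n (a square, so Jacobi(r, n)^2 = 1) never changes the Jacobi symbol of the value being signed modulo p or q, which is why such a blinding cannot hide a Jacobi-dependent code path from a timing observer. The primes p = 11 and q = 23 and the message value are constructed toy inputs.

```python
import random
from math import gcd


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, via the standard reciprocity algorithm."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:            # factor out 2s using (2/n)
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a                  # quadratic reciprocity
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def square_blinding_preserves_jacobi(x: int, p: int, q: int,
                                     trials: int = 200, seed: int = 1) -> bool:
    """Audit check on a toy Rabin-Williams modulus n = p*q.

    Blinds x with r^2 mod n for many random r and reports whether the pair
    (Jacobi(x mod p, p), Jacobi(x mod q, q)) ever changed. It never does, since
    Jacobi(r^2 * x, p) = Jacobi(r, p)^2 * Jacobi(x, p) = Jacobi(x, p) for gcd(r, n) = 1,
    so a branch keyed on these symbols still depends on the unblinded input.
    """
    n = p * q
    rng = random.Random(seed)        # deterministic so the check is reproducible
    base = (jacobi(x % p, p), jacobi(x % q, q))
    for _ in range(trials):
        r = rng.randrange(2, n - 1)
        if gcd(r, n) != 1:           # skip the (negligible) non-invertible r
            continue
        blinded = (r * r % n) * x % n
        if (jacobi(blinded % p, p), jacobi(blinded % q, q)) != base:
            return False
    return True


if __name__ == "__main__":
    # Constructed toy primes; real Rabin-Williams moduli are thousands of bits.
    print(square_blinding_preserves_jacobi(5, 11, 23))
```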

Impact
======

A remote attacker is able to take advantage of improper private key
blinding operations to recover private keys via a timing side-channel
attack.

References
==========

https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2141
https://bugs.archlinux.org/task/45498
