CPANSA-Net-Dropbear-2016-6129-libtomcrypt: Net-Dropbear vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2017-02-13T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2017-02-13T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score	7.5	Severity	High
Original language		Language	en
Also referred to

Vulnerability Description

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

Vulnerabilities

CVE-2016-6129

Vulnerability Description

Weakness	CWE-20 : Improper Input Validation

Product status

Known affected

Product

Score

Net-Dropbear greater than or equal 0.01 and less than or equal 0.10

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
3.0	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	7.5	High
2.0	AV:N/AC:L/Au:N/C:N/I:P/A:N	5.0	Medium

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-Net-Dropbear-2016-6129-libtomcrypt JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-net-dropbear-2016-6129-libtomcrypt.json
https://www.op-tee.org/advisories/ external
https://www.op-tee.org/advisories/
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0 external
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
https://bugzilla.redhat.com/show_bug.cgi?id=1370955 external
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
CVE-2016-6129 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2016-6129

Revision history

Version	Date of the revision	Summary of the revision
1	Mon Feb 13 00:00:00 2017	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/