Bug 7079 - botan security vulnerability (CVE-2015-7827)
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Contributed Packages
Version: Fresh
Hardware: All Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: ROSA Linux Bugs
QA Contact: ROSA Linux Bugs
URL: https://advisories.mageia.org/MGASA-2...
Reported: 2016-05-30 03:44 MSD by Zombie Ryushu
Modified: 2016-08-23 18:29 MSD (History)

RPM Package: botan
Description Zombie Ryushu 2016-05-30 03:44:40 MSD
During RSA decryption, how long decoding of PKCS #1 v1.5 padding took was
input dependent. If these differences could be measured by an attacker,
it could be used to mount a Bleichenbacher million-message attack
(CVE-2015-7827).

ECDSA (and DSA) signature algorithms perform a modular inverse on the
signature nonce k. The modular inverse algorithm used had input dependent
loops, and it is possible a side channel attack could recover sufficient
information about the nonce to eventually recover the ECDSA secret key
(CVE-2016-2849).
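The input-dependent padding decode described in the report, as an added C++ illustration (not Botan's code): a leaky PKCS #1 v1.5 unpad that returns at the first malformed byte beside a constant-time one that always scans the whole block and folds every check into masks. The EM layout (0x00 || 0x02 || at least 8 nonzero padding bytes || 0x00 || M), the helper names and the bytes_examined counter are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Branchless helpers: each yields 0 or 1 with no data-dependent branch.
static inline uint32_t ct_is_zero(uint32_t x) { return ((x - 1) >> 31) & 1; }
static inline uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
// mask is 0 or 1: returns a when mask == 1, otherwise b.
static inline uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    uint32_t m = 0u - mask; return (a & m) | (b & ~m);
}

struct UnpadResult { bool ok; size_t msg_offset; size_t bytes_examined; };

// Leaky version: bails out at the first malformed byte, so the number of bytes
// examined (and therefore the time taken) depends on where the padding breaks.
UnpadResult unpad_leaky(const std::vector<uint8_t>& em) {
    UnpadResult r{false, 0, 0};
    if (em.size() < 11) return r;
    r.bytes_examined = 1; if (em[0] != 0x00) return r;
    r.bytes_examined = 2; if (em[1] != 0x02) return r;
    size_t i = 2;
    for (; i < em.size(); ++i) { r.bytes_examined = i + 1; if (em[i] == 0x00) break; }
    if (i == em.size() || i < 10) return r;   // no separator, or PS shorter than 8 bytes
    r.ok = true; r.msg_offset = i + 1; return r;
}

// Constant-time version: touches every byte and accumulates all checks into a
// mask, so control flow and bytes_examined do not depend on the block's contents.
UnpadResult unpad_ct(const std::vector<uint8_t>& em) {
    UnpadResult r{false, 0, 0};
    if (em.size() < 11) return r;             // length equals the key size: public, not secret
    uint32_t bad = ct_eq(em[0], 0x00) ^ 1;    // bad = 1 if the leading byte is wrong
    bad |= ct_eq(em[1], 0x02) ^ 1;
    uint32_t found = 0, sep = 0;              // sep = index of the first 0x00 after the type byte
    for (size_t i = 2; i < em.size(); ++i) {
        uint32_t is_sep = ct_eq(em[i], 0x00) & (found ^ 1);
        sep = ct_select(is_sep, (uint32_t)i, sep);
        found |= is_sep;
    }
    r.bytes_examined = em.size();
    bad |= found ^ 1;                         // no separator at all
    bad |= (sep - 10) >> 31;                  // sep < 10 means fewer than 8 padding bytes
    r.ok = (bad == 0);
    r.msg_offset = sep + 1;
    return r;
}
```

A constant-time decode is only half of the countermeasure: the caller must also handle the failure without any observable difference (for example by continuing with a random message of the expected length), because the distinguishable error behaviour is what a million-message attack measures.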
Comment 1 Denis Silakov 2016-08-23 18:29:15 MSD
Fixed.