CVE-2012-4929
Priority
Medium
Description
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google
Chrome, Qt, and other products, can encrypt compressed data without
properly obfuscating the length of the unencrypted data, which allows
man-in-the-middle attackers to obtain plaintext HTTP headers by observing
length differences during a series of guesses in which a string in an HTTP
request potentially matches an unknown string in an HTTP header, aka a
"CRIME" attack.
Chrome, Qt, and other products, can encrypt compressed data without
properly obfuscating the length of the unencrypted data, which allows
man-in-the-middle attackers to obtain plaintext HTTP headers by observing
length differences during a series of guesses in which a string in an HTTP
request potentially matches an unknown string in an HTTP header, aka a
"CRIME" attack.
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://gist.github.com/3696912
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://chromiumcodereview.appspot.com/10825183
https://bugzilla.redhat.com/show_bug.cgi?id=857051
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.ekoparty.org/2012/thai-duong.php
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://news.ycombinator.com/item?id=4510829
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://code.google.com/p/chromium/issues/detail?id=139744
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729
http://www.ubuntu.com/usn/usn-1627-1
http://www.ubuntu.com/usn/usn-1628-1
https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212
https://gist.github.com/3696912
https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
https://chromiumcodereview.appspot.com/10825183
https://bugzilla.redhat.com/show_bug.cgi?id=857051
http://www.theregister.co.uk/2012/09/14/crime_tls_attack/
http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091
http://www.ekoparty.org/2012/thai-duong.php
http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512
http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312
http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor
http://news.ycombinator.com/item?id=4510829
http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html
http://code.google.com/p/chromium/issues/detail?id=139744
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
http://permalink.gmane.org/gmane.comp.lib.qt.devel/6729
http://www.ubuntu.com/usn/usn-1627-1
http://www.ubuntu.com/usn/usn-1628-1
Bugs
https://bugzilla.redhat.com/show_bug.cgi?id=857051
https://bugzilla.novell.com/show_bug.cgi?id=779952
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 (apache2)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674142 (apache2)
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1068854 (apache2)
https://bugzilla.novell.com/show_bug.cgi?id=779952
https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 (apache2)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674142 (apache2)
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1068854 (apache2)
Notes
jdstrand> Fedora/RedHat has a patch to check for OPENSSL_NO_DEFAULT_ZLIB that
can be used to mitigate this flaw. See RedHat bug #857051
jdstrand> No patch for upstream OpenSSL. This may be considered a flaw in the
applications using OpenSSL and not OpenSSL itself.
mdeslaur> adding apache2, we should backport the SSLCompression option.
mdeslaur> in trunk and 2.4, sslcompression defaults to off with a second
mdeslaur> commit. Second commit to default to off isn't in 2.2 yet.
mdeslaur> redhat disabled zlib compression by default in openssl:
mdeslaur> https://rhn.redhat.com/errata/RHSA-2013-0587.html
can be used to mitigate this flaw. See RedHat bug #857051
jdstrand> No patch for upstream OpenSSL. This may be considered a flaw in the
applications using OpenSSL and not OpenSSL itself.
mdeslaur> adding apache2, we should backport the SSLCompression option.
mdeslaur> in trunk and 2.4, sslcompression defaults to off with a second
mdeslaur> commit. Second commit to default to off isn't in 2.2 yet.
mdeslaur> redhat disabled zlib compression by default in openssl:
mdeslaur> https://rhn.redhat.com/errata/RHSA-2013-0587.html
Package
| Upstream: | released (4.8.4, 5.0.0) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (4:4.6.2-0ubuntu5.5) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (4:4.7.4-0ubuntu8.2) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (4:4.8.1-0ubuntu4.3) |
| Ubuntu 12.10 (Quantal Quetzal): | released (4:4.8.3+dfsg-0ubuntu3) |
| Ubuntu 13.04 (Raring Ringtail): | released (4:4.8.3+dfsg-0ubuntu3) |
| Ubuntu 13.10 (Saucy Salamander): | released (4:4.8.3+dfsg-0ubuntu3) |
Patches:
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needed |
| Ubuntu 12.10 (Quantal Quetzal): | needed |
| Ubuntu 13.04 (Raring Ringtail): | needed |
| Ubuntu 13.10 (Saucy Salamander): | needed |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | ignored (reached end-of-life) |
| Ubuntu 12.04 LTS (Precise Pangolin): | needed |
| Ubuntu 12.10 (Quantal Quetzal): | needed |
| Ubuntu 13.04 (Raring Ringtail): | needed |
| Ubuntu 13.10 (Saucy Salamander): | needed |
Patches:
Package
| Upstream: | released (2.2.22-12) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.2.8-1ubuntu0.24) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.2.14-5ubuntu8.10) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (2.2.20-1ubuntu1.3) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (2.2.22-1ubuntu1.2) |
| Ubuntu 12.10 (Quantal Quetzal): | released (2.2.22-6ubuntu2.1) |
| Ubuntu 13.04 (Raring Ringtail): | released (2.2.22-6ubuntu3) |
| Ubuntu 13.10 (Saucy Salamander): | released (2.2.22-6ubuntu3) |
Patches:
Package
| Upstream: | pending (22) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (23.0.1271.97-0ubuntu0.10.04.1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (23.0.1271.97-0ubuntu0.11.10.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (23.0.1271.97-0ubuntu0.12.04.1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (22.0.1229.94~r161065-0ubuntu1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (22.0.1229.94~r161065-0ubuntu1) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (22.0.1229.94~r161065-0ubuntu1) |
Patches:
| Upstream: | https://chromiumcodereview.appspot.com/10825183 |
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | not-affected (code-not-compiled) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (code-not-compiled) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (code-not-compiled) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (code-not-compiled) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (code-not-compiled) |
| Ubuntu 13.10 (Saucy Salamander): | not-affected (code-not-compiled) |