CVE-2013-2566
Priority
Low
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a
large number of sessions that use the same plaintext.
References
Notes
jdstrand> this is a protocol problem not specific to openssl. Using openssl
as a placeholder until more information is available
jdstrand> marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
jdstrand> marking deferred since there is no consensus on what to do (we can't
just disable RC4)
as a placeholder until more information is available
jdstrand> marking low for now until more information is available. At present,
naive attacks need tens to hundreds of millions of TLS connections. Optimized
attacks are not present yet.
jdstrand> marking deferred since there is no consensus on what to do (we can't
just disable RC4)
Package
| Upstream: | needs-triage |
| Ubuntu 8.04 LTS (Hardy Heron): | deferred |
| Ubuntu 10.04 LTS (Lucid Lynx): | deferred |
| Ubuntu 11.10 (Oneiric Ocelot): | deferred |
| Ubuntu 12.04 LTS (Precise Pangolin): | deferred |
| Ubuntu 12.10 (Quantal Quetzal): | deferred |
| Ubuntu 13.04 (Raring Ringtail): | deferred |