Closed Bug 386776 (CVE-2007-3108) Opened 17 years ago Closed 6 months ago

Placeholder for VU#724968 investigation

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

RESOLVED INACTIVE

People

(Reporter: dveditz, Unassigned)

Details

(Keywords: sec-low, Whiteboard: [sg:low local?])

CERT forwarded information about VU#724968, which is a flaw in a different crypto product but which they worry may also affect NSS. This is a placeholder while we investigate (nelsonb and rrelyea have the paper) in case we need to start tracking getting a fix into releases.
Whiteboard: [sg:investigate]
CERT sent an update: OpenSSL has fixed this in their implementation. Any information on whether we had the same issue in NSS?

- - - - - - 
Hello,

The OpenSSL team has released a patch for VU#724968 (CVE-2007-3108), and has made it publicly available here:
http://cvs.openssl.org/chngview?cn=16275

We have published vulnerability note VU#724968 (http://www.kb.cert.org/vuls/id/724968). If you send us a vendor statement, we will add it to the note.
Alias: CVE-2007-3108
OpenSSL patch was publicly published today.
http://openssl.org/news/patch-CVE-2007-3108.txt
NSS has the same code that OpenSSL had; however, the risk from the paper seems quite minimal. While it's good research and should be watched, it doesn't appear to create a threat at this point in time. In fact, the paper couldn't even attack OpenSSL without modification.
The paper reported a successful attack against a MODIFIED version of OpenSSL, modified to call their branch prediction cache analyzer every so-many times through the modular exponentiation loop. This is not a very realistic threat.

Our threat model excludes all modifications to the running code. That is, we don't attempt to protect the user against attacks where the attacker is running code IN THE SAME PROCESS on the user's system, with the user's credentials and access rights.

Bob, NSS shares no code with OpenSSL, so let's be careful NOT to say it is "the same code". It may be similar, but we need to be careful to say that correctly.
Nelson's correct; the more accurate statement is that we are running the same type of algorithm that was attacked in the OpenSSL case.
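The "same type of algorithm" being discussed above is modular exponentiation whose multiply step sits behind a conditional branch on each secret exponent bit, which is what a branch prediction analysis observes. The following is an added example written for this page; it is not code from NSS, OpenSSL or the paper, and it does not reproduce the OpenSSL patch linked above. It shows the branchy square-and-multiply pattern, a helper that makes explicit what the branch history reveals (the exponent bits), and a branch-free variant that always performs the multiply and selects the result arithmetically. The function names `modexp_branchy`, `modexp_branchless`, `taken_branches` and `ct_select` are illustrative, the 64-bit operand size and `__uint128_t` (a GCC/Clang extension) are chosen only to keep the example self-contained, and the `%`-based `mulmod` is itself not constant-time, as the comment notes.

```c
#include <stdint.h>
#include <stddef.h>

/* 64-bit modular multiplication. __uint128_t is a GCC/Clang extension.
 * Caveat: the '%' compiles to a division whose timing also depends on its
 * operands; a real implementation uses Montgomery multiplication. It is
 * used here only to keep the illustration short. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((__uint128_t)a * b) % m);
}

/* The pattern the paper attacks: left-to-right square-and-multiply where the
 * multiply sits behind a conditional branch on the current exponent bit.
 * The branch is taken exactly when the bit is 1, so the sequence of
 * taken/not-taken branches is the exponent itself; an attacker who can
 * observe the predictor's state learns it bit by bit. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, mod);        /* square: every iteration */
        if ((exp >> i) & 1)           /* secret-dependent branch */
            r = mulmod(r, base, mod); /* multiply: only when bit == 1 */
    }
    return r;
}

/* What the branch leaks: the number of taken branches equals the number of
 * 1 bits in the exponent, and their positions in the loop give the bits. */
size_t taken_branches(uint64_t exp)
{
    size_t n = 0;
    for (int i = 63; i >= 0; i--)
        if ((exp >> i) & 1)
            n++;
    return n;
}

/* Branch-free selection: returns a when mask is all ones, b when it is zero. */
static uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b)
{
    return (a & mask) | (b & ~mask);
}

/* Same computation with the key-dependent branch removed: the multiply is
 * always performed and the result is selected arithmetically, so every
 * iteration executes the same instruction stream regardless of the bit.
 * Assumption: the compiler keeps this as straight-line code (a cmov)
 * rather than re-introducing a jump; production code checks the assembly. */
uint64_t modexp_branchless(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, mod);
        uint64_t t = mulmod(r, base, mod);
        uint64_t bit = (exp >> i) & 1;
        uint64_t mask = (uint64_t)0 - bit;  /* all ones if bit == 1, else 0 */
        r = ct_select(mask, t, r);
    }
    return r;
}
```

Both functions compute the same value; the difference is only in whether the control flow depends on the exponent. Removing the branch is necessary but not sufficient: the multiplication and reduction themselves must also be free of operand-dependent timing and memory access patterns for the exponentiation as a whole to be constant-time.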
Whiteboard: [sg:investigate] → [sg:low local?]
This seems low-risk and there is public information about it. Can we open this up, maybe resolve it?
I'm OK if Dan Veditz is OK. The described attack is low risk and public.
Group: core-security → crypto-core-security
Severity: normal → S3
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P3
Resolution: --- → INACTIVE