Bug 1362016 (CVE-2016-6489) - CVE-2016-6489 nettle: RSA/DSA code is vulnerable to cache-timing related attacks
Summary: CVE-2016-6489 nettle: RSA/DSA code is vulnerable to cache-timing related attacks
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-6489
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1362017 1362018 1362020 1362021 1362022 1364897 1429958 1429959
Blocks:
Reported: 2016-08-01 07:55 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-09-29 13:54 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.
Clone Of:
Environment:
Last Closed: 2019-07-12 13:04:19 UTC
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2016:2582 | 0 | normal | SHIPPED_LIVE | Moderate: nettle security and bug fix update | 2016-11-03 12:08:24 UTC

Description Huzaifa S. Sidhpurwala 2016-08-01 07:55:45 UTC
A cache-related side channel was found in nettle's RSA and DSA decryption code. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.


References:

https://eprint.iacr.org/2016/596.pdf
https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3

Comment 1 Huzaifa S. Sidhpurwala 2016-08-01 07:56:51 UTC
Created nettle tracking bugs for this issue:

Affects: fedora-all [bug 1362017]
Affects: epel-5 [bug 1362021]

Comment 2 Huzaifa S. Sidhpurwala 2016-08-01 07:56:59 UTC
Created mingw-nettle tracking bugs for this issue:

Affects: fedora-all [bug 1362018]
Affects: epel-7 [bug 1362022]

Comment 3 Huzaifa S. Sidhpurwala 2016-08-01 07:57:04 UTC
Created compat-nettle27 tracking bugs for this issue:

Affects: fedora-23 [bug 1362020]

Comment 4 Huzaifa S. Sidhpurwala 2016-08-01 07:59:23 UTC
Note:

As per: http://seclists.org/oss-sec/2016/q3/206 , the upstream fix has "some unintended side effects" and needs to be reviewed before being applied.

Comment 6 Nikos Mavrogiannopoulos 2016-08-08 07:36:47 UTC
The upstream author has included sanity checks at the functions using mpz_powm_sec() to prevent crashes by invalid private keys. As such, the unintended side-effects are no longer the case.

https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068

Comment 7 errata-xmlrpc 2016-11-03 19:31:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2582 https://rhn.redhat.com/errata/RHSA-2016-2582.html

Comment 16 Product Security DevOps Team 2019-07-12 13:04:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2016-6489

