ID CVE-2015-8803
Summary The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
References
Vulnerable Configurations
  • Nettle Project Nettle 3.1.1
    cpe:2.3:a:nettle_project:nettle:3.1.1
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 7.5 (as of 07-03-2016 - 15:52)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-212.NASL
    description This update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88772
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88772
    title openSUSE Security Update : libnettle (openSUSE-2016-212)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-211.NASL
    description This update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug (boo#964845) - CVE-2015-8804: Miscalculations on secp384 curve (boo#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88771
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88771
    title openSUSE Security Update : libnettle (openSUSE-2016-211)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2897-1.NASL
    description Hanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803) Hanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804) Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 88748
    published 2016-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88748
    title Ubuntu 14.04 LTS / 15.10 : nettle vulnerabilities (USN-2897-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0455-1.NASL
    description This update for libnettle fixes the following security issues : - CVE-2015-8803: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964845) - CVE-2015-8804: Fixed carry folding bug in x86_64 ecc_384_modp. (bsc#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (bsc#964849) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88802
    published 2016-02-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88802
    title SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2016:0455-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-89968F88D2.NASL
    description updated to 3.2 (#1301310) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89576
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89576
    title Fedora 23 : nettle-3.2-1.fc23 (2016-89968f88d2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-8EE88AEE21.NASL
    description Fixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 (secp256r1 and secp384r1 bugs) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89579
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89579
    title Fedora 22 : nettle-2.7.1-6.fc22 (2016-8ee88aee21)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2582.NASL
    description An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95329
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95329
    title CentOS 7 : nettle (CESA-2016:2582)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D94300845B.NASL
    description Fixes CVE-2015-8803 CVE-2015-8804 CVE-2015-8805 (secp256r1 and secp384r1 bugs) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92179
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92179
    title Fedora 23 : compat-nettle27 (2016-d94300845b)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1061.NASL
    description According to the versions of the nettle packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Nettle is a cryptographic library that is designed to fit easily in more or less any context: In crypto toolkits for object-oriented languages(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space. - Secure Fix(es): - The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.(CVE-2015-8803) - x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.(CVE-2015-8804) - The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.(CVE-2015-8805) - It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance.(CVE-2016-6489) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99823
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99823
    title EulerOS 2.0 SP1 : nettle (EulerOS-SA-2016-1061)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2582.NASL
    description From Red Hat Security Advisory 2016:2582 : An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94704
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94704
    title Oracle Linux 7 : nettle (ELSA-2016-2582)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-AA00F0631D.NASL
    description Gnutls 3.4.9 and Nettle 3.2, security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 89592
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89592
    title Fedora 23 : mingw-gnutls-3.4.9-1.fc23 / mingw-nettle-3.2-1.fc23 (2016-aa00f0631d)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-217.NASL
    description This update for libnettle fixes the following issues : - CVE-2015-8803: secp256 calculation bug (boo#964845) - CVE-2015-8804: Miscalculations on secp384 curve (boo#964847) - CVE-2015-8805: Fixed miscomputation bugs in secp-256r1 modulo functions. (boo#964849)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88823
    published 2016-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88823
    title openSUSE Security Update : libnettle (openSUSE-2016-217)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_NETTLE_ON_SL7_X.NASL
    description Security Fix(es) : - Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) - It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95849
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95849
    title Scientific Linux Security Update : nettle on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2582.NASL
    description An update for nettle is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix(es) : * Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805) * It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94545
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94545
    title RHEL 7 : nettle (RHSA-2016:2582)
redhat via4
advisories
rhsa
id RHSA-2016:2582
rpms
  • nettle-0:2.7.1-8.el7
  • nettle-devel-0:2.7.1-8.el7
refmap via4
confirm https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
fedora
  • FEDORA-2016-89968f88d2
  • FEDORA-2016-8ee88aee21
  • FEDORA-2016-aa00f0631d
misc https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html
mlist
  • [info-gnu] 20160128 ANNOUNCE: Nettle-3.2
  • [nettle-bugs] 20151212 secp256 calculation bug (already fixed)
  • [oss-security] 20160202 Miscomputations of elliptic curve scalar multiplications in Nettle
  • [oss-security] 20160202 Re: Miscomputations of elliptic curve scalar multiplications in Nettle
suse
  • openSUSE-SU-2016:0475
  • openSUSE-SU-2016:0477
  • openSUSE-SU-2016:0486
ubuntu USN-2897-1
Last major update 05-12-2016 - 22:04
Published 23-02-2016 - 14:59
Last modified 30-10-2018 - 12:27