cnvd - cnvd-2017-02197

cnvd-2017-02197

Vulnerability from cnvd

Title: Linaro OP-TEE安全绕过漏洞

Description:

Linaro OP-TEE是一套开源的便携式可信执行环境。LibTomCrypt是一个可移植的为开发人员提供的加密工具包。

Linaro OP-TEE使用的LibTomCrypt的rsa_verify_hash.c文件的‘rsa_verify_hash_ex’函数存在安全漏洞。远程攻击者可利用该漏洞伪造RSA签名或证书。

Severity: 中

Patch Name: Linaro OP-TEE安全绕过漏洞的补丁

Patch Description:

Linaro OP-TEE是一套开源的便携式可信执行环境。LibTomCrypt是一个可移植的为开发人员提供的加密工具包。

Linaro OP-TEE使用的LibTomCrypt的rsa_verify_hash.c文件的‘rsa_verify_hash_ex’函数存在安全漏洞。远程攻击者可利用该漏洞伪造RSA签名或证书。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0

Reference: https://www.op-tee.org/advisories/

Impacted products

Name
LibTomCrypt OP-TEE <2.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6129"
    }
  },
  "description": "Linaro OP-TEE\u662f\u4e00\u5957\u5f00\u6e90\u7684\u4fbf\u643a\u5f0f\u53ef\u4fe1\u6267\u884c\u73af\u5883\u3002LibTomCrypt\u662f\u4e00\u4e2a\u53ef\u79fb\u690d\u7684\u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u7684\u52a0\u5bc6\u5de5\u5177\u5305\u3002\r\n\r\nLinaro OP-TEE\u4f7f\u7528\u7684LibTomCrypt\u7684rsa_verify_hash.c\u6587\u4ef6\u7684\u2018rsa_verify_hash_ex\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020RSA\u7b7e\u540d\u6216\u8bc1\u4e66\u3002",
  "discovererName": "unknown",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-02197",
  "openTime": "2017-02-28",
  "patchDescription": "Linaro OP-TEE\u662f\u4e00\u5957\u5f00\u6e90\u7684\u4fbf\u643a\u5f0f\u53ef\u4fe1\u6267\u884c\u73af\u5883\u3002LibTomCrypt\u662f\u4e00\u4e2a\u53ef\u79fb\u690d\u7684\u4e3a\u5f00\u53d1\u4eba\u5458\u63d0\u4f9b\u7684\u52a0\u5bc6\u5de5\u5177\u5305\u3002\r\n\r\nLinaro OP-TEE\u4f7f\u7528\u7684LibTomCrypt\u7684rsa_verify_hash.c\u6587\u4ef6\u7684\u2018rsa_verify_hash_ex\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020RSA\u7b7e\u540d\u6216\u8bc1\u4e66\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linaro OP-TEE\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "LibTomCrypt OP-TEE \u003c2.2.0"
  },
  "referenceLink": "https://www.op-tee.org/advisories/",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-20",
  "title": "Linaro OP-TEE\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2016-6129 (GCVE-0-2016-6129)

Vulnerability from cvelistv5

Published

2017-02-13 18:00

Modified

2024-08-06 01:22

Severity ?

CWE

Summary

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

References

▼	URL	Tags
	https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1370955	x_refsource_CONFIRM
	https://www.op-tee.org/advisories/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.op-tee.org/advisories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-13T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.op-tee.org/advisories/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0",
              "refsource": "CONFIRM",
              "url": "https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1370955"
            },
            {
              "name": "https://www.op-tee.org/advisories/",
              "refsource": "CONFIRM",
              "url": "https://www.op-tee.org/advisories/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6129",
    "datePublished": "2017-02-13T18:00:00",
    "dateReserved": "2016-06-30T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted