ID
VAR-E-200102-0124
TITLE
PKCS #1 Version 1.5 Session Key Retrieval Vulnerability
Trust: 0.3
DESCRIPTION
The data encryption techniques described in RSA's PKCS #1 standard are used in many protocols which rely on, at least in part, the security provided by public-key cryptography systems.
Several protocols which implement the digital enveloping method described in version 1.5 of the PKCS #1 standard are susceptible to an adaptive ciphertext attack which may allow the recovery of session keys, thus compromising the integrity of the data transmitting during that session.
By capturing and logging the packets transmitted between a client and a server, an opponent could make use of a captured encrypted session key to launch a Bleichenbacher attack together with a simple timing attack. If the session key is successfully decrypted, the saved packets can easily be decrypted in a uniform manner.
Interactive key establishment protocols, such as SSH or SSL, are generally significantly more susceptible to successful attacks.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | ssh | model: | communications security ssh | scope: | eq | version: | 1.2.31 | Trust: 0.3 |
| vendor: | openssh | model: | openssh | scope: | eq | version: | 2.1.1 | Trust: 0.3 |
| vendor: | openssh | model: | openssh | scope: | eq | version: | 2.1 | Trust: 0.3 |
| vendor: | openssh | model: | openssh | scope: | eq | version: | 1.2.3 | Trust: 0.3 |
| vendor: | cisco | model: | webns 0b17s | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns 0b13s | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns b19s | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns 1b29s | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns 1b23s | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 3.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.3(1) | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | eq | version: | 5.2(5) | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xq | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xh | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xe | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2xa | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.2t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.2 | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1yf | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1yd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1yc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1yb | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1ya | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xy | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios | scope: | eq | version: | 12.1xv | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xu | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xt | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xs | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xr | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xq | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xp | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xm | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xl | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xk | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xj | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xi | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xh | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xg | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xf | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xe | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xd | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xb | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1xa | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1ez | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1ey | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1ex | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1ec | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1e | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1dc | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.1db | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | ios 12.0s | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | eq | version: | 60006.2(0.110) | Trust: 0.3 |
| vendor: | cisco | model: | webns b11s | scope: | ne | version: | 5.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns 1b6s | scope: | ne | version: | 5.0 | Trust: 0.3 |
| vendor: | cisco | model: | webns 0b22s | scope: | ne | version: | 4.1 | Trust: 0.3 |
| vendor: | cisco | model: | webns 1b42s | scope: | ne | version: | 4.0 | Trust: 0.3 |
| vendor: | cisco | model: | pix firewall | scope: | ne | version: | 6.0(1) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst pan | scope: | ne | version: | 60006.3 | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 60006.2(0.111) | Trust: 0.3 |
| vendor: | cisco | model: | catalyst | scope: | ne | version: | 60006.1(2.13) | Trust: 0.3 |
EXPLOIT
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
This vulnerability was announced to Bugtraq in a Core SDI Advisory dated February 7, 2001.
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 2344 | Trust: 0.3 |
REFERENCES
| url: | http://www.cisco.com/warp/public/707/ssh-multiple-pub.html | Trust: 0.3 |
SOURCES
| db: | BID | id: | 2344 |
LAST UPDATE DATE
2022-07-27T09:29:19.693000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 2344 | date: | 2001-02-06T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 2344 | date: | 2001-02-06T00:00:00 |