CVE - CVE-2017-1000385

CVE-ID
CVE-2017-1000385	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:102197 URL:http://www.securityfocus.com/bid/102197 CERT-VN:VU#144389 URL:https://www.kb.cert.org/vuls/id/144389 DEBIAN:DSA-4057 URL:https://www.debian.org/security/2017/dsa-4057 MISC:https://robotattack.org/ MLIST:[debian-lts-announce] 20171215 [SECURITY] [DLA 1207-1] erlang security update URL:https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html MLIST:[erlang-questions] 20171123 Patch Package: OTP 18.3.4.7 URL:http://erlang.org/pipermail/erlang-questions/2017-November/094257.html MLIST:[erlang-questions] 20171123 Patch Package: OTP 19.3.6.4 URL:http://erlang.org/pipermail/erlang-questions/2017-November/094256.html MLIST:[erlang-questions] 20171123 Patch Package: OTP 20.1.7 URL:http://erlang.org/pipermail/erlang-questions/2017-November/094255.html REDHAT:RHSA-2018:0242 URL:https://access.redhat.com/errata/RHSA-2018:0242 REDHAT:RHSA-2018:0303 URL:https://access.redhat.com/errata/RHSA-2018:0303 REDHAT:RHSA-2018:0368 URL:https://access.redhat.com/errata/RHSA-2018:0368 REDHAT:RHSA-2018:0528 URL:https://access.redhat.com/errata/RHSA-2018:0528 UBUNTU:USN-3571-1 URL:https://usn.ubuntu.com/3571-1/
Assigning CNA
MITRE Corporation
Date Record Created
20171129	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20171129)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)