oss-sec mailing list archives
Socat security advisory 7 - Created new 2048bit DH modulus
From: Gerhard Rieger <gerhard () dest-unreach org>
Date: Mon, 1 Feb 2016 16:32:55 +0100
Socat security advisory 7 - Created new 2048bit DH modulus

Overview
  In the OpenSSL address implementation the hard coded 1024 bit DH p
  parameter was not prime. The effective cryptographic strength of a key
  exchange using these parameters was weaker than the one one could get by
  using a prime p. Moreover, since there is no indication of how these
  parameters were chosen, the existence of a trapdoor that makes it
  possible for an eavesdropper to recover the shared secret from a key
  exchange that uses them cannot be ruled out.
  A new prime modulus p parameter has been generated by a Socat developer
  using the OpenSSL dhparam command.
  In addition the new parameter is 2048 bit long.

Vulnerability Ids:
  Socat security issue 7
  MSVR-1499

Severity: Unknown

Affected versions
  1.7.3.0
  2.0.0-b8

Not affected or corrected versions
  1.0.0.0 - 1.7.2.4
  1.7.3.1 and later
  2.0.0-b1 - 2.0.0-b7
  2.0.0-b9 and later

Workaround
  Disable DH ciphers

Download
  The updated sources can be downloaded from:
    http://www.dest-unreach.org/socat/download/socat-1.7.3.1.tar.gz
    http://www.dest-unreach.org/socat/download/socat-2.0.0-b9.tar.gz

Acknowledgments
  Santiago Zanella-Beguelin and Microsoft Vulnerability Research (MSVR).
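
The check the advisory implies, as an added example that is not part of the original message or of Socat's code: parse DH parameters in the PKCS#3 PEM form that `openssl dhparam` writes, then test the modulus length and primality. The function names, the safe-prime test and the 2048-bit default threshold are assumptions of this example, and the embedded sample is constructed toy data.

```python
import base64
import random

def is_probable_prime(n, rounds=40):
    """Miller-Rabin: a composite n survives with probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        if pow(a, d, n) != 1 and all(pow(a, d << i, n) != n - 1 for i in range(r)):
            return False  # a is a witness: n is composite
    return True

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_dh_pem(pem):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    tag, seq, _ = read_tlv(base64.b64decode(b64), 0)
    tag_p, p, pos = read_tlv(seq, 0)
    tag_g, g, _ = read_tlv(seq, pos)
    if (tag, tag_p, tag_g) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p, "big"), int.from_bytes(g, "big")

def audit_dh(p, g, min_bits=2048):
    """Return a list of problems with DH parameters (empty: none found)."""
    prime = is_probable_prime(p)
    checks = [
        (p.bit_length() >= min_bits, "modulus shorter than %d bits" % min_bits),
        (prime, "p is not prime"),
        (not prime or is_probable_prime((p - 1) // 2), "p is not a safe prime"),
        (1 < g < p - 1, "generator outside 2..p-2"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed sample: toy parameters p=23, g=2 in PKCS#3 DER, base64-encoded.
SAMPLE_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQI=\n-----END DH PARAMETERS-----"
```

Calling `audit_dh(*parse_dh_pem(text))` on the contents of a parameter file returns an empty list when none of the four checks fails.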