Vulnerability CVE-2017-1000385

Vulnerability Name:

CVE-2017-1000385 (CCN-136240)

Assigned:

2017-12-12

Published:

2017-12-12

Updated:

2019-10-03

Summary:

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-203

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2017-1000385

Source: CCN
Type: Erlang Web site
Patch Package: OTP 20.1.7

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[erlang-questions] 20171123 Patch Package: OTP 20.1.7

Source: CCN
Type: Erlang Web site
Patch Package: OTP 19.3.6.4

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[erlang-questions] 20171123 Patch Package: OTP 19.3.6.4

Source: CCN
Type: Erlang Web site
Patch Package: OTP 18.3.4.7

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[erlang-questions] 20171123 Patch Package: OTP 18.3.4.7

Source: CCN
Type: IBM Security Bulletin T1027452 (PowerKVM)
Vulnerabilities in erlang affect PowerKVM

Source: CCN
Type: IBM Security Bulletin 2015539 (PredictiveInsight)
Multiple Security Vulnerabilities Impact IBM Predictive Insights

Source: CCN
Type: US-CERT VU#144389
TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding

Source: BID
Type: Third Party Advisory, VDB Entry
102197

Source: CCN
Type: BID-102197
Erlang/OTP CVE-2017-1000385 Information Disclosure Vulnerability

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0242

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0303

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0368

Source: REDHAT
Type: UNKNOWN
RHSA-2018:0528

Source: XF
Type: UNKNOWN
erlang-cve20171000385-info-disc(136240)

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20171215 [SECURITY] [DLA 1207-1] erlang security update

Source: CCN
Type: Robot Attack Web site
The ROBOT Attack

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://robotattack.org/

Source: UBUNTU
Type: UNKNOWN
USN-3571-1

Source: DEBIAN
Type: Issue Tracking, Third Party Advisory
DSA-4057

Source: CERT-VN
Type: Issue Tracking, Third Party Advisory, US Government Resource
VU#144389

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-1000385

Vulnerable Configuration:

Configuration 1:

cpe:/a:erlang:erlang/otp:18.3.4.7:*:*:*:*:*:*:*

OR cpe:/a:erlang:erlang/otp:19.3.6.4:*:*:*:*:*:*:*

OR cpe:/a:erlang:erlang/otp:20.1.7:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:predictiveinsight:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:8.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:8.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:predictiveinsight:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20171000385	V	CVE-2017-1000385	2022-05-20
oval:org.opensuse.security:def:58044	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:57094	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:57994	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:57963	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:57925	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:58068	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:56921	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:57651	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25192	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:56521	P	Security update for gpg2 (Important)	2020-12-01
oval:org.opensuse.security:def:25624	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:25333	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:56683	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25682	P	Security update for wpa_supplicant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25536	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:24920	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:26355	P	Security update for erlang (Moderate)	2020-12-01
oval:org.opensuse.security:def:57366	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25111	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24909	P	Security update for libjpeg-turbo (Moderate)	2020-12-01
oval:org.opensuse.security:def:57759	P	libIlmImf-Imf_2_1-21 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25249	P	Security update for librsvg (Moderate)	2020-12-01
oval:org.opensuse.security:def:56543	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:25638	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25483	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:56520	P	Security update for postgresql96 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26320	P	Security update to go1.4 (Low)	2020-12-01
oval:org.opensuse.security:def:57851	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57200	P	Security update for compat-openssl097g	2020-12-01
oval:org.opensuse.security:def:24984	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:80703	P	Security update for erlang (Moderate)	2018-04-18
oval:com.ubuntu.artful:def:20171000385000	V	CVE-2017-1000385 on Ubuntu 17.10 (artful) - medium.	2017-12-12
oval:com.ubuntu.xenial:def:201710003850000000	V	CVE-2017-1000385 on Ubuntu 16.04 LTS (xenial) - medium.	2017-12-12
oval:com.ubuntu.trusty:def:20171000385000	V	CVE-2017-1000385 on Ubuntu 14.04 LTS (trusty) - medium.	2017-12-12
oval:com.ubuntu.xenial:def:20171000385000	V	CVE-2017-1000385 on Ubuntu 16.04 LTS (xenial) - medium.	2017-12-12

BACK