OpenSSL – Montgomery squaring bug

Advisory ID: STORM-2017-006
CVE Number: CVE-2017-3736
Date discovered: 11/02/2017
Severity: low
Advisory revision: v1

Vulnerability details

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
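
The hardware condition above can be checked on a Linux host or guest. The script below is an added example, not code from Stormshield or OpenSSL; it assumes the Linux /proc/cpuinfo flag names bmi1, bmi2 and adx, and its function names and sample inputs are made up for illustration.

```shell
#!/bin/sh
# Added example: does this CPU expose all three extensions the advisory names?
# Input is text in Linux /proc/cpuinfo format, read from stdin.

REQUIRED_FLAGS="bmi1 bmi2 adx"   # Linux cpuinfo names for BMI1, BMI2 and ADX

# Print the required flags missing from the first "flags" line on stdin.
# Empty output means all three are present. An input with no "flags" line
# (for example a non-x86 CPU) reports all three as missing.
missing_extensions() {
    flags=$(awk -F: '/^flags[ \t]*:/ { print $2; exit }')
    missing=""
    for want in $REQUIRED_FLAGS; do
        case " $flags " in
            *" $want "*) ;;   # whole-word match, so "bmi1" never satisfies "bmi2"
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s' "$missing"
}

# Exit status 0 when the CPU on stdin meets the advisory's hardware condition.
cpu_matches_advisory() {
    [ -z "$(missing_extensions)" ]
}

# Constructed sample inputs with abbreviated flag lists (not from real hosts).
SAMPLE_WITH_ALL='processor : 0
flags : fpu sse2 avx avx2 bmi1 bmi2 rdseed adx smap'
SAMPLE_WITHOUT_ADX='processor : 0
flags : fpu sse2 avx bmi1 tsc_adjust'

# Check the local machine when /proc/cpuinfo is available.
if [ -r /proc/cpuinfo ]; then
    if cpu_matches_advisory < /proc/cpuinfo; then
        echo "CPU exposes BMI1, BMI2 and ADX: hardware condition met, check the product version"
    else
        echo "Not all of BMI1, BMI2 and ADX are exposed: hardware condition not met"
    fi
fi
```

A match only means the hardware condition is met; exposure still depends on the impacted versions listed for each product. Inside a virtual machine the flags are those the hypervisor exposes to the guest.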

Impacted products

Products                      Severity  Detail
Stormshield Network Security  low       SNS uses a vulnerable version of OpenSSL
Stormshield Data Security     low       SDMC uses a vulnerable version of OpenSSL
Fast360                       low       Fast uses a vulnerable version of OpenSSL
Netasq                        low       Netasq uses a vulnerable version of OpenSSL

Revisions

Version  Date        Description
v1       11/23/2017  Initial release
v2       03/20/2018  Update Fast and Netasq status

 



Stormshield Network Security

CVSS v2 Overall Score: 3.7      

Analysis

CVE-2017-3736 only affects SNS virtual machines running on processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Impacted version

  • SNS 3.0.0 to 3.3.1

Workaround solution

There is no workaround solution.

Solution

The 3.3.2 update fixes this vulnerability.



Access vector: Network
Access complexity: Low
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
CVSS Base score: 5
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Stormshield Data Security

CVSS v2 Overall Score: 3.7      

Analysis

An attacker with high computational power may access the SDMC SSL private key and decrypt all traffic between SDS for Cloud clients, the administration frontend and the SDMC backend. This may result in a leak of confidential data such as the LDAP configuration, the list of users and applicative logs. The attacker could also forge client actions and generate wrong logs, delete users' licences, or delete or modify security policies and users. Encryption keys and user certificate directories, however, cannot be retrieved or modified. Protected documents are not at risk.

Impacted version

  • SDS 2.1

Workaround solution

There is no workaround solution.

Solution

The 2.5 update fixes this vulnerability.



Access vector: Network
Access complexity: Low
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
CVSS Base score: 5
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Fast360

CVSS v2 Overall Score: 3.7      

Analysis

CVE-2017-3736 only affects Fast or AMC virtual machines running on processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Impacted version

  • Fast360 6.0/1 to 6.0/12
  • Fast360 5.0/1 to 5.0/40

Workaround solution

There is no workaround solution.

Solution

The 6.0/13 and 5.0/41 updates fix this vulnerability.



Access vector: Network
Access complexity: Low
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
CVSS Base score: 5
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)


Netasq

CVSS v2 Overall Score: 3.7      

Analysis

CVE-2017-3736 only affects Netasq virtual machines running on processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Impacted version

All Netasq versions are impacted.

Workaround solution

There is no workaround solution.

Solution

The 3.3.2 update fixes this vulnerability.



Access vector: Network
Access complexity: Low
Authentication: None
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
CVSS Base score: 5
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
CVSS Temporal score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Collateral Damage Potential: None
Target Distribution: High [76-100%]
CVSS Environmental score: 3.7
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C/CDP:N/TD:H/CR:ND/IR:ND/AR:ND)