CVE-2015-2808 | AttackerKB

Description

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the “Bar Mitzvah” issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

canonical,
debian,
fujitsu,
huawei,
ibm,
opensuse,
oracle,
redhat,
suse

Products

9700 firmware -,
cognos metrics manager 10.1,
cognos metrics manager 10.1.1,
cognos metrics manager 10.2,
cognos metrics manager 10.2.1,
cognos metrics manager 10.2.2,
communications application session controller,
communications policy management,
debian linux 7.0,
debian linux 8.0,
e6000 firmware -,
e9000 firmware -,
enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 6.6,
enterprise linux eus 7.1,
enterprise linux eus 7.2,
enterprise linux eus 7.3,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 6.6,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
http server 11.1.1.7.0,
http server 11.1.1.9.0,
http server 12.1.3.0.0,
http server 12.2.1.1.0,
http server 12.2.1.2.0,
integrated lights out manager firmware,
linux enterprise debuginfo 11,
linux enterprise desktop 11,
linux enterprise desktop 12,
linux enterprise server 10,
linux enterprise server 11,
linux enterprise server 12,
linux enterprise software development kit 11,
linux enterprise software development kit 12,
manager 1.7,
oceanstor 18500 firmware -,
oceanstor 18800 firmware -,
oceanstor 18800f firmware -,
oceanstor 9000 firmware -,
oceanstor cse firmware -,
oceanstor hvs85t firmware -,
oceanstor replicationdirector v100r003c00,
oceanstor s2600t firmware -,
oceanstor s5500t firmware -,
oceanstor s5600t firmware -,
oceanstor s5800t firmware -,
oceanstor s6800t firmware -,
oceanstor vis6600t firmware -,
opensuse 13.1,
opensuse 13.2,
policy center v100r003c00,
policy center v100r003c10,
quidway s9300 firmware -,
s12700 firmware -,
s2700 firmware -,
s2750 firmware -,
s3700 firmware -,
s5700ei firmware -,
s5700hi firmware -,
s5700li firmware -,
s5700s-li firmware -,
s5700si firmware -,
s5710ei firmware -,
s5710hi firmware -,
s5720ei firmware -,
s5720hi firmware -,
s6700 firmware -,
s7700 firmware -,
satellite 5.6,
satellite 5.7,
smc2.0 v100r002c01,
smc2.0 v100r002c02,
smc2.0 v100r002c03,
smc2.0 v100r002c04,
sparc enterprise m3000 firmware,
sparc enterprise m4000 firmware,
sparc enterprise m5000 firmware,
sparc enterprise m8000 firmware,
sparc enterprise m9000 firmware,
te60 firmware -,
ubuntu linux 12.04,
ubuntu linux 14.04,
ubuntu linux 15.04,
ultravr v100r003c00

References

Canonical

CVE-2015-2808 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808)

BID-91787 (http://www.securityfocus.com/bid/91787)

BID-73684 (http://www.securityfocus.com/bid/73684)

Advisory

SSRT102127 (http://marc.info?l=bugtraq&m=143818140118771&w=2)

http://rhn.redhat.com/errata/RHSA-2015-1243.html

http://rhn.redhat.com/errata/RHSA-2015-1007.html

HPSBGN03367 (http://marc.info?l=bugtraq&m=143817899717054&w=2)

HPSBUX03512 (http://marc.info?l=bugtraq&m=144493176821532&w=2)

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://rhn.redhat.com/errata/RHSA-2015-1006.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773256

https://kb.juniper.net/JSA10783

SECTRACK-1033737 (http://www.securitytracker.com/id/1033737)

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html

HPSBGN03399 (http://marc.info?l=bugtraq&m=144060576831314&w=2)

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

SECTRACK-1036222 (http://www.securitytracker.com/id/1036222)

http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034

http://www-304.ibm.com/support/docview.wss?uid=swg21960769

GLSA-201512-10 (https://security.gentoo.org/glsa/201512-10)

http://rhn.redhat.com/errata/RHSA-2015-1229.html

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04708650

SECTRACK-1032600 (http://www.securitytracker.com/id/1032600)

SECTRACK-1032910 (http://www.securitytracker.com/id/1032910)

USN-2706-1 (http://www.ubuntu.com/usn/USN-2706-1)

http://rhn.redhat.com/errata/RHSA-2015-1526.html

SSRT102133 (http://marc.info?l=bugtraq&m=143817021313142&w=2)

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

SECTRACK-1032599 (http://www.securitytracker.com/id/1032599)

HPSBMU03401 (http://marc.info?l=bugtraq&m=144104533800819&w=2)

http://www-304.ibm.com/support/docview.wss?uid=swg21903565

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04711380

https://kc.mcafee.com/corporate/index?page=content&id=SB10163

HPSBMU03345 (http://marc.info?l=bugtraq&m=144043644216842&w=2)

SECTRACK-1032734 (http://www.securitytracker.com/id/1032734)

IV71892 (http://www-01.ibm.com/support/docview.wss?uid=swg1IV71892)

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193347

SECTRACK-1033769 (http://www.securitytracker.com/id/1033769)

SECTRACK-1032707 (http://www.securitytracker.com/id/1032707)

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html

http://rhn.redhat.com/errata/RHSA-2015-1091.html

HPSBGN03402 (http://marc.info?l=bugtraq&m=144069189622016&w=2)

IV71888 (http://www-01.ibm.com/support/docview.wss?uid=swg1IV71888)

http://rhn.redhat.com/errata/RHSA-2015-1228.html

HPSBGN03405 (http://marc.info?l=bugtraq&m=144060606031437&w=2)

SECTRACK-1032708 (http://www.securitytracker.com/id/1032708)

http://www.huawei.com/en/psirt/security-advisories/hw-454055

DSA-3316 (http://www.debian.org/security/2015/dsa-3316)

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

SECTRACK-1033415 (http://www.securitytracker.com/id/1033415)

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098709

HPSBGN03403 (http://marc.info?l=bugtraq&m=144104565600964&w=2)

http://www-01.ibm.com/support/docview.wss?uid=swg21883640

HPSBGN03407 (http://marc.info?l=bugtraq&m=144102017024820&w=2)

SECTRACK-1033432 (http://www.securitytracker.com/id/1033432)

HPSBGN03354 (http://marc.info?l=bugtraq&m=143629696317098&w=2)

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html

SECTRACK-1032858 (http://www.securitytracker.com/id/1032858)

SSRT102073 (https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04687922)

SECTRACK-1032788 (http://www.securitytracker.com/id/1032788)

USN-2696-1 (http://www.ubuntu.com/usn/USN-2696-1)

DSA-3339 (http://www.debian.org/security/2015/dsa-3339)

http://rhn.redhat.com/errata/RHSA-2015-1020.html

http://rhn.redhat.com/errata/RHSA-2015-1242.html

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html

SECTRACK-1033431 (http://www.securitytracker.com/id/1033431)

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-454055.htm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988

SECTRACK-1032868 (http://www.securitytracker.com/id/1032868)

HPSBGN03415 (http://marc.info?l=bugtraq&m=144059703728085&w=2)

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html

http://rhn.redhat.com/errata/RHSA-2015-1241.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://rhn.redhat.com/errata/RHSA-2015-1230.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888

HPSBGN03338 (http://marc.info?l=bugtraq&m=143456209711959&w=2)

SECTRACK-1033386 (http://www.securitytracker.com/id/1033386)

HPSBMU03377 (http://marc.info?l=bugtraq&m=143741441012338&w=2)

SECTRACK-1033072 (http://www.securitytracker.com/id/1033072)

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119

http://rhn.redhat.com/errata/RHSA-2015-1021.html

http://www-304.ibm.com/support/docview.wss?uid=swg21960015

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html

HPSBGN03414 (http://marc.info?l=bugtraq&m=144059660127919&w=2)

SECTRACK-1032990 (http://www.securitytracker.com/id/1032990)

SECTRACK-1033071 (http://www.securitytracker.com/id/1033071)

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html

SSRT102127 (http://marc.info/?l=bugtraq&m=143818140118771&w=2)

HPSBGN03367 (http://marc.info/?l=bugtraq&m=143817899717054&w=2)

HPSBUX03512 (http://marc.info/?l=bugtraq&m=144493176821532&w=2)

HPSBGN03399 (http://marc.info/?l=bugtraq&m=144060576831314&w=2)

SSRT102133 (http://marc.info/?l=bugtraq&m=143817021313142&w=2)

HPSBMU03401 (http://marc.info/?l=bugtraq&m=144104533800819&w=2)

HPSBMU03345 (http://marc.info/?l=bugtraq&m=144043644216842&w=2)

HPSBGN03402 (http://marc.info/?l=bugtraq&m=144069189622016&w=2)

HPSBGN03405 (http://marc.info/?l=bugtraq&m=144060606031437&w=2)

HPSBGN03403 (http://marc.info/?l=bugtraq&m=144104565600964&w=2)

HPSBGN03407 (http://marc.info/?l=bugtraq&m=144102017024820&w=2)

HPSBGN03354 (http://marc.info/?l=bugtraq&m=143629696317098&w=2)

HPSBGN03415 (http://marc.info/?l=bugtraq&m=144059703728085&w=2)

HPSBGN03338 (http://marc.info/?l=bugtraq&m=143456209711959&w=2)

HPSBMU03377 (http://marc.info/?l=bugtraq&m=143741441012338&w=2)

HPSBGN03414 (http://marc.info/?l=bugtraq&m=144059660127919&w=2)

Miscellaneous

https://www.blackhat.com/docs/asia-15/materials/asia-15-Mantin-Bar-Mitzvah-Attack-Breaking-SSL-With-13-Year-Old-RC4-Weakness-wp.pdf

https://www.secpod.com/blog/cve-2015-2808-bar-mitzvah-attack-in-rc4-2/

Rapid7

Technical Analysis