ESB-2017.2607 - ALERT [Appliance] Infineon RSA: Access privileged data - Remote/unauthenticated 2017-10-18

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2607
        Vulnerability Note VU#307015 Infineon RSA library does not
                      properly generate RSA key pairs
                              18 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Infineon RSA
Publisher:         CERT\CC
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2017-15361  

Original Bulletin: 
   http://www.kb.cert.org/vuls/id/307015

Comment: RSA keys generated by the Infineon library have been included in 
         electronic identity cards issued in Estonia and Slovakia, as well as
         Trusted Plarform Module (TPM) devices included in several large 
         laptop brands. In these cases, the ability to factor these keys 
         could lead to identity theft or access to encrypted hard drive data.

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#307015

Infineon RSA library does not properly generate RSA key pairs

Original Release date: 16 Oct 2017 | Last revised: 16 Oct 2017

Overview

The Infineon RSA library version 1.02.013 does not properly generate RSA
key pairs, which may allow an attacker to recover the RSA private key
corresponding to an RSA public key generated by this library.
Description

CWE-310: Cryptographic Issues - CVE-2017-15361

The Infineon RSA library version 1.02.013 does not properly generate RSA
key pairs. As a result, the keyspace required for a brute force search is
lessened such that it is feasible to factorize keys under at least 2048
bits and obtain the RSA private key. The attacker needs only access to the
victim's RSA public key generated by this library in order to calculate
the private key.

Note that only RSA key generation is impacted. ECC is unaffected. RSA
keys generated by other devices/libraries may also be used safely with
this library.

Trusted Platform Modules (TPM) or smartcards may use this RSA library in
their products. Infineon has provided a partial list of impacted vendors
in a security advisory. Please see our list of impacted vendors below.

The researcher has released a summary of the work. Full details are expected
at the ACM CCS conference in November 2017.

Impact

A remote attacker may be able recover the RSA private key from a victim's
public key, if it was generated by the Infineon RSA library.

Solution

Apply an update

Check with your device manufacturer for information on firmware updates. A
partial list of affected vendors is below.

Alternatively, affected users may use the following workarounds:

Replace the device

Consider replacing the vulnerable device with a non-impacted device.

Generate a new RSA or ECC key pair

ECC keys are not impacted by this vulnerability. Affected users should
consider generating a new ECC key pair to replace the vulnerable RSA
key pair.

Alternatively, if RSA keys are required, affected users may generate an RSA
key pair using different method (e.g., OpenSSL) and then use the new secure
RSA key pair with the old device. Only RSA key generation is impacted,
not use of secure keys.

4096-bit RSA keys generated by the Infineon library are not known to be
practically factorizable at current publication time, but affected users
should not rely on this property for the long-term future.

Vendor Information

          Vendor           Status   Date Notified Date Updated
Fujitsu                    Affected 16 Oct 2017   16 Oct 2017
Google                     Affected 16 Oct 2017   16 Oct 2017
Hewlett Packard Enterprise Affected 16 Oct 2017   16 Oct 2017
Infineon Technologies AG   Affected -             16 Oct 2017
Lenovo                     Affected 16 Oct 2017   16 Oct 2017
Microsoft Corporation      Affected 16 Oct 2017   16 Oct 2017
WinMagic                   Affected 16 Oct 2017   16 Oct 2017
Yubico                     Affected 16 Oct 2017   16 Oct 2017


If you are a vendor and your product is affected, let us know.

CVSS Metrics
Group		Score	Vector
Base		8.8	AV:N/AC:M/Au:N/C:C/I:C/A:N
Temporal	6.9	E:POC/RL:OF/RC:C
Environmental	6.9	CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://github.com/crocs-muni/roca
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
http://cwe.mitre.org/data/definitions/310.html

Credit

This vulnerability was disclosed by Matus Nemec, Marek Sys, Petr Svenda,
Dusan Klinec, and Vashek Matyas.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2017-15361
Date Public: 16 Oct 2017
Date First Published: 16 Oct 2017
Date Last Updated: 16 Oct 2017
Document Revision: 22

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWeauKIx+lLeg9Ub1AQjVYQ/5ASbEJcWwK9cPec9WCWRnCGUDzqkqksnR
z2pyhZxVwDGiq5+bdiquOTZjVjBGR3JcctbleVb/X5CwgBTGOGDSVilMBlFDJgjA
cSNhPIvMgaudM4DBNCVBWKJrd4h2mxkFwM+pbtFlxliD7DYTliXvCx9pTXWs1x2e
3OfYIqRXw14SbTHCJwzO+lC2gUm8UojYru9kJQ7eRBStOf6Yv7V0uf2R/82e9iRA
UT3fF4i3fzPhQyPu6HOUOQxOonvAXHhAWJ8SKO2VRkmvrhT7roKeHRpVOXAhv/sP
7rsnBQ+YC0gNT9Ck9TzpZh/QgWHLkZwhTFcWXHc4JN46lBpyIsuJVGVGHGMcdZ0F
6hGTY/8sR/IPGVU7VqgvaHxOLoBSOTt3pCG9TFJ5ggd0aid6Yy6kxrpgEnIeKAl7
fBFKchMt1RxVr4gvkk3OXngQos1Wdtxvxhn5W1T+KA6vhkD0aA5RIFBENnemfND5
HZb+udXkWWMmt4eECgJttWb+ts3xDaXdWVs5ydUkKcAbDx7a0bxcC9/hkn3wJmMl
80l46jdVPplM8Dz50cvlU5DblhR7bZw0heyKpDNb9qNCQloenMEHJ0nIDgywtByZ
SRvrb2Vokw0XF1gZarhyTnMus/NQdbyPs0YY0GIlpQMLDN1FLW+hHm6GAHjcFzcg
9RDXPkCwF5M=
=7V2h
-----END PGP SIGNATURE-----

« Back to bulletins