-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2607
                        Vulnerability Note VU#307015
        Infineon RSA library does not properly generate RSA key pairs
                               18 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Infineon RSA
Publisher:         CERT/CC
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2017-15361

Original Bulletin:
   http://www.kb.cert.org/vuls/id/307015

Comment: RSA keys generated by the Infineon library have been included in
         electronic identity cards issued in Estonia and Slovakia, as well
         as Trusted Platform Module (TPM) devices included in several large
         laptop brands. In these cases, the ability to factor these keys
         could lead to identity theft or access to encrypted hard drive
         data.

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#307015

Infineon RSA library does not properly generate RSA key pairs

Original Release date: 16 Oct 2017 | Last revised: 16 Oct 2017

Overview

The Infineon RSA library version 1.02.013 does not properly generate RSA key
pairs, which may allow an attacker to recover the RSA private key
corresponding to an RSA public key generated by this library.

Description

CWE-310: Cryptographic Issues - CVE-2017-15361

The Infineon RSA library version 1.02.013 does not properly generate RSA key
pairs. As a result, the keyspace required for a brute force search is
lessened such that it is feasible to factorize keys under at least 2048 bits
and obtain the RSA private key. The attacker needs only access to the
victim's RSA public key generated by this library in order to calculate the
private key. Note that only RSA key generation is impacted. ECC is
unaffected.
RSA keys generated by other devices/libraries may also be used safely with
this library. Trusted Platform Modules (TPM) or smartcards may use this RSA
library in their products. Infineon has provided a partial list of impacted
vendors in a security advisory. Please see our list of impacted vendors
below.

The researcher has released a summary of the work. Full details are expected
at the ACM CCS conference in November 2017.

Impact

A remote attacker may be able to recover the RSA private key from a victim's
public key, if it was generated by the Infineon RSA library.

Solution

Apply an update

Check with your device manufacturer for information on firmware updates. A
partial list of affected vendors is below.

Alternatively, affected users may use the following workarounds:

Replace the device

Consider replacing the vulnerable device with a non-impacted device.

Generate a new RSA or ECC key pair

ECC keys are not impacted by this vulnerability. Affected users should
consider generating a new ECC key pair to replace the vulnerable RSA key
pair. Alternatively, if RSA keys are required, affected users may generate an
RSA key pair using a different method (e.g., OpenSSL) and then use the new
secure RSA key pair with the old device. Only RSA key generation is impacted,
not use of secure keys. 4096-bit RSA keys generated by the Infineon library
are not known to be practically factorizable at current publication time, but
affected users should not rely on this property for the long-term future.

Vendor Information

Vendor                        Status    Date Notified  Date Updated
Fujitsu                       Affected  16 Oct 2017    16 Oct 2017
Google                        Affected  16 Oct 2017    16 Oct 2017
Hewlett Packard Enterprise    Affected  16 Oct 2017    16 Oct 2017
Infineon Technologies AG      Affected  -              16 Oct 2017
Lenovo                        Affected  16 Oct 2017    16 Oct 2017
Microsoft Corporation         Affected  16 Oct 2017    16 Oct 2017
WinMagic                      Affected  16 Oct 2017    16 Oct 2017
Yubico                        Affected  16 Oct 2017    16 Oct 2017

If you are a vendor and your product is affected, let us know.
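Before replacing or re-keying a device, a practitioner will want to know whether a given public key actually comes from the affected generator. The check below is an added example (not part of the bulletin and not the ROCA project's own code from the referenced repository) that implements the fingerprint described in the referenced paper on a raw modulus; the values 65537, the 39-prime primorial and the test samples are assumptions stated in the code.

```python
"""ROCA fingerprint check (added example; not the bulletin's or the ROCA project's code).
Affected Infineon keys have primes p = k*M + (65537^a mod M) with M a product of small
primes, so for every small prime q dividing M the residue N mod q is a power of 65537
mod q.  A properly generated modulus almost never satisfies this for every q at once."""
GENERATOR = 65537        # exponent base used by the affected key generator
FINGERPRINT_PRIMES = 39  # primes in M for 512-bit keys; M for larger keys is a multiple


def first_primes(count: int) -> list[int]:
    """Return the first `count` primes by trial division (small counts only)."""
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes


def powers_mod(base: int, q: int) -> set[int]:
    """All values base^i mod q: the subgroup of Z_q^* generated by base."""
    seen, x = set(), base % q
    while x not in seen:
        seen.add(x)
        x = (x * base) % q
    return seen


def roca_mismatches(modulus: int) -> list[int]:
    """Small primes q at which modulus mod q is NOT a power of 65537 mod q.
    An empty list means the modulus carries the ROCA fingerprint."""
    return [q for q in first_primes(FINGERPRINT_PRIMES)
            if modulus % q not in powers_mod(GENERATOR, q)]


def has_roca_fingerprint(modulus: int) -> bool:
    return not roca_mismatches(modulus)


def constructed_sample(a: int = 123456789, k: int = 987654321) -> int:
    """Constructed integer k*M + (65537^a mod M) that mimics the affected residue
    structure; a stand-in for exercising the check, not a real RSA modulus."""
    M = 1
    for q in first_primes(FINGERPRINT_PRIMES):
        M *= q
    return k * M + pow(GENERATOR, a, M)


if __name__ == "__main__":
    print("constructed sample flagged:", has_roca_fingerprint(constructed_sample()))
    print("2**1024 + 3 first mismatch at q =", roca_mismatches(2**1024 + 3)[0])
```

A flagged modulus should be treated exactly as the Solution section describes: regenerate the key pair with a different method and keep the old device only for use of the new key.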
CVSS Metrics

Group          Score  Vector
Base           8.8    AV:N/AC:M/Au:N/C:C/I:C/A:N
Temporal       6.9    E:POC/RL:OF/RC:C
Environmental  6.9    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://github.com/crocs-muni/roca
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
http://cwe.mitre.org/data/definitions/310.html

Credit

This vulnerability was disclosed by Matus Nemec, Marek Sys, Petr Svenda,
Dusan Klinec, and Vashek Matyas. This document was written by Garret
Wassermann.

Other Information

CVE IDs:              CVE-2017-15361
Date Public:          16 Oct 2017
Date First Published: 16 Oct 2017
Date Last Updated:    16 Oct 2017
Document Revision:    22

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the information
is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----