Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.blackhat.c...
CONFIRM: http://www-01.ibm.com/...
AIXAPAR: IV71888
AIXAPAR: IV71892
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.huawei.com/...
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
BID: 91787
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
SECTRACK: 1032599
CONFIRM: https://h20564.www2.hp...
CONFIRM: http://www1.huawei.com...
GENTOO: GLSA-201512-10
SUSE: SUSE-SU-2016:0113
SUSE: SUSE-SU-2015:2166
SUSE: SUSE-SU-2015:2192
CONFIRM: http://h20564.www2.hpe...
CONFIRM: https://www-947.ibm.co...
CONFIRM: https://h20564.www2.hp...
SECTRACK: 1033737
SECTRACK: 1033769
CONFIRM: https://h20564.www2.hp...
CONFIRM: https://h20564.www2.hp...
CONFIRM: https://h20564.www2.hp...
CONFIRM: https://h20564.www2.hp...
SECTRACK: 1033386
SECTRACK: 1033415
SECTRACK: 1033431
SECTRACK: 1033432
CONFIRM: https://h20564.www2.hp...
DEBIAN: DSA-3339
REDHAT: RHSA-2015:1526
SUSE: SUSE-SU-2015:1319
SUSE: SUSE-SU-2015:1320
SUSE: openSUSE-SU-2015:1288
SUSE: openSUSE-SU-2015:1289
UBUNTU: USN-2696-1
UBUNTU: USN-2706-1
CONFIRM: http://www-304.ibm.com...
CONFIRM: http://www-304.ibm.com...
CONFIRM: http://www-304.ibm.com...
REDHAT: RHSA-2015:1006
REDHAT: RHSA-2015:1007
REDHAT: RHSA-2015:1020
REDHAT: RHSA-2015:1021
REDHAT: RHSA-2015:1091
SUSE: SUSE-SU-2015:1085
SUSE: SUSE-SU-2015:1086
SUSE: SUSE-SU-2015:1138
SUSE: SUSE-SU-2015:1161
SUSE: SUSE-SU-2015:1073
SECTRACK: 1032707
SECTRACK: 1032708
SECTRACK: 1032734
SECTRACK: 1032788
SECTRACK: 1032858
SECTRACK: 1032868
BID: 73684
CONFIRM: https://kb.juniper.net...
CONFIRM: https://kc.mcafee.com/...
CONFIRM: http://kb.juniper.net/...
CONFIRM: http://kb.juniper.net/...
HP: HPSBGN03366
HP: HPSBGN03367
HP: HPSBGN03372
HP: HPSBMU03377
HP: SSRT102127
HP: SSRT102129
HP: SSRT102133
HP: SSRT102150
HP: HPSBGN03338
HP: HPSBGN03354
HP: HPSBGN03399
HP: HPSBGN03402
HP: HPSBGN03403
HP: HPSBGN03405
HP: HPSBGN03407
HP: HPSBGN03414
HP: HPSBGN03415
HP: HPSBMU03345
HP: HPSBMU03401
HP: HPSBUX03512
HP: SSRT102254
SECTRACK: 1036222
CONFIRM: https://h20566.www2.hp...
CONFIRM: https://h20566.www2.hp...
SECTRACK: 1033071
SECTRACK: 1033072
SECTRACK: 1032910
SECTRACK: 1032990
SECTRACK: 1032600
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3316
HP: SSRT102073
REDHAT: RHSA-2015:1228
REDHAT: RHSA-2015:1229
REDHAT: RHSA-2015:1230
REDHAT: RHSA-2015:1241
REDHAT: RHSA-2015:1242
REDHAT: RHSA-2015:1243
CONFIRM: http://www.oracle.com/...
MISC: https://www.secpod.com...

Launchpad.net

CVE 2015-2808

Related bugs

References