CVE-2015-0837 - OpenCVE

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Gnupg	Gnupg Libgcrypt

Configuration 1 [-]

OR	cpe:2.3:a:gnupg:gnupg::::::::
	cpe:2.3:a:gnupg:libgcrypt::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

No data.

References

Link	Providers
http://www.debian.org/security/2015/dsa-3184
http://www.debian.org/security/2015/dsa-3185
https://ieeexplore.ieee.org/document/7163050
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
https://nvd.nist.gov/vuln/detail/CVE-2015-0837
https://www.cve.org/CVERecord?id=CVE-2015-0837

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2019-11-29T21:10:03

Updated: 2024-08-06T04:26:11.067Z

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0837

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-29T22:15:11.783

Modified: 2019-12-14T13:59:09.573

Link: CVE-2015-0837

Redhat

Severity : Low

Publid Date: 2015-02-27T00:00:00Z

Links: CVE-2015-0837 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Libgcrypt", "vendor": "GNU", "versions": [{"status": "affected", "version": "before 1.6.3"}]}, {"product": "GnuPG", "vendor": "GNU", "versions": [{"status": "affected", "version": "before 1.4.19"}]}], "datePublic": "2012-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-29T21:10:03", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.debian.org/security/2015/dsa-3184"}, {"tags": ["x_refsource_MISC"], "url": "http://www.debian.org/security/2015/dsa-3185"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"}, {"tags": ["x_refsource_MISC"], "url": "https://ieeexplore.ieee.org/document/7163050"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-0837", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Libgcrypt", "version": {"version_data": [{"version_value": "before 1.6.3"}]}}, {"product_name": "GnuPG", "version": {"version_data": [{"version_value": "before 1.4.19"}]}}]}, "vendor_name": "GNU"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "http://www.debian.org/security/2015/dsa-3184", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3184"}, {"name": "http://www.debian.org/security/2015/dsa-3185", "refsource": "MISC", "url": "http://www.debian.org/security/2015/dsa-3185"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html", "refsource": "CONFIRM", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"}, {"name": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html", "refsource": "CONFIRM", "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"}, {"name": "https://ieeexplore.ieee.org/document/7163050", "refsource": "MISC", "url": "https://ieeexplore.ieee.org/document/7163050"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:26:11.067Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3184"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3185"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ieeexplore.ieee.org/document/7163050"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-0837", "datePublished": "2019-11-29T21:10:03", "dateReserved": "2015-01-07T00:00:00", "dateUpdated": "2024-08-06T04:26:11.067Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A7A4C18-6BE6-437E-81AD-C4AD73A78038", "versionEndExcluding": "1.4.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*", "matchCriteriaId": "840D7B26-0812-45F3-803A-B24F7D843364", "versionEndExcluding": "1.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""}, {"lang": "es", "value": "La funci\u00f3n mpi_powm en Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, permite a atacantes obtener informaci\u00f3n confidencial mediante el aprovechamiento de las diferencias de tiempo al acceder a una tabla precalculada durante una exponenciaci\u00f3n modular, relacionada con un \"Last-Level Cache Side-Channel Attack\"."}], "id": "CVE-2015-0837", "lastModified": "2019-12-14T13:59:09.573", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-29T22:15:11.783", "references": [{"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3184"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3185"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://ieeexplore.ieee.org/document/7163050"}, {"source": "security@debian.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html"}, {"source": "security@debian.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libgcrypt: last-level cache side-channel attack", "id": "1198147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1198147"}, "csaw": false, "cvss": {"cvss_base_score": "1.2", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a \"Last-Level Cache Side-Channel Attack.\""], "name": "CVE-2015-0837", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gnupg", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "gnupg2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "libgcrypt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Fix deferred", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}], "public_date": "2015-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0837\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0837"], "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in the libgcrypt and gnupg2 packages.\nThe attack leading to this flaw, is difficult to conduct in practice especially for cross-vm environments, mainly because the attacker needs to run their timing attack script at the exact same time decryption runs on the victim machine. Also this is essentially a chosen ciphertext attack because the attacker provides the ciphertext which the victim needs to be decrypt. Such actions only work when there is sufficient social engineer involved.", "threat_severity": "Low", "upstream_fix": "GnuPG 1.4.19, libgcrypt 1.6.3"}