Side-channel attack in Libgcrypt

#VU7299 Side-channel attack in Libgcrypt

Cybersecurity Help s.r.o.

Published: 2017-07-03 | Updated: 2017-07-04

Vulnerability identifier: #VU7299

Vulnerability risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9526

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Libgcrypt
Client/Desktop applications / Encryption software

Vendor: GNU

Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in libgcrypt's EdDSA implementation. An attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key.

Mitigation
Update to version 1.7.7.

Vulnerable software versions

Libgcrypt: 1.7.0 - 1.7.6

External links
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bc...
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a123...
http://bugzilla.suse.com/show_bug.cgi?id=1042326

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for Libgcrypt

Side-channel attack in libgcrypt (Alpine package)

Debian update for libgcrypt20

Side-channel attack in Libcrypt