Vulnerability & Exploit Database

Displaying all 5 entries

Results for: CVE-2017-1000385 Back to search

Oracle Solaris 11: CVE-2017-1000385: Vulnerability in Erlang Vulnerability

  • Severity: 4
  • Published: December 12, 2017

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

Ubuntu: USN-3571-1 (CVE-2017-1000385): Erlang vulnerabilities Vulnerability

  • Severity: 4
  • Published: December 08, 2017

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

SUSE: CVE-2017-1000385: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 08, 2017

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

Debian: CVE-2017-1000385: erlang -- security update Vulnerability

  • Severity: 4
  • Published: December 08, 2017

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5 Exploit

Disclosed: June 17, 2009

Some TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when the TLS server do...