CVE-2017-1000385
The Erlang/OTP TLS server answers with different TLS alerts for different error types in the RSA PKCS #1 v1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
Affected products
n/a · n/a
References
http://erlang.org/pipermail/erlang-questions/2017-November/094255.html
http://erlang.org/pipermail/erlang-questions/2017-November/094256.html
http://erlang.org/pipermail/erlang-questions/2017-November/094257.html
https://access.redhat.com/errata/RHSA-2018:0242
https://access.redhat.com/errata/RHSA-2018:0303
https://access.redhat.com/errata/RHSA-2018:0368
https://access.redhat.com/errata/RHSA-2018:0528
https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html
https://robotattack.org/
https://usn.ubuntu.com/3571-1/
https://www.debian.org/security/2017/dsa-4057
https://www.kb.cert.org/vuls/id/144389