[3.8] nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)
A flaw was found in the NSS library when compiled with a server
application. A man-in-the-middle attacker could use this flaw in a
passive replay attack.
The most severe issue for confidentiality is with stream ciphers (and
AES-GCM), as the server may encrypt different data with the exact
same key stream. For idempotency, the server may perform the same
action multiple times without proper authentication.
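The symptom described above is visible on the wire: the 32-byte random field of the ServerHello is all zeros. The following is an added example (not NSS code and not part of the Alpine issue) that parses a TLS 1.2 handshake record carrying a ServerHello and flags a zero random, which is a check a defender can run over captured handshakes from a server suspected of carrying this bug. The records it checks are constructed inline; the helper names and the choice of cipher suite are assumptions of the example.

```python
import struct

HANDSHAKE = 0x16      # TLS record content type: handshake
SERVER_HELLO = 0x02   # handshake message type: ServerHello
TLS12 = b"\x03\x03"


def build_server_hello(random_bytes: bytes, session_id: bytes = b"",
                       cipher_suite: int = 0xC02F) -> bytes:
    """Build a minimal TLS 1.2 record carrying a ServerHello without extensions.

    Constructed sample builder for the example; it is not how NSS builds records.
    """
    if len(random_bytes) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    body = (TLS12 + random_bytes
            + bytes([len(session_id)]) + session_id
            + struct.pack(">H", cipher_suite)
            + b"\x00")                      # compression_method: null
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + TLS12 + struct.pack(">H", len(handshake)) + handshake


def parse_server_hello(record: bytes) -> dict:
    """Parse the ServerHello inside a TLS handshake record and return its fields."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = body[0:2]
    random_ = body[2:34]                    # server_version (2) + random (32)
    sid_len = body[34]
    pos = 35 + sid_len
    if len(body) < pos + 3:                 # cipher_suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    cipher_suite = struct.unpack(">H", body[pos:pos + 2])[0]
    return {
        "version": version,
        "random": random_,
        "session_id": body[35:pos],
        "cipher_suite": cipher_suite,
    }


def has_zero_random(record: bytes) -> bool:
    """True when ServerHello.random is all zeros, the symptom of CVE-2018-12384."""
    return parse_server_hello(record)["random"] == bytes(32)


# Constructed samples: one record with a non-zero random, one with the buggy all-zero random.
GOOD_RECORD = build_server_hello(bytes(range(32)))
BAD_RECORD = build_server_hello(bytes(32))

if __name__ == "__main__":
    for name, rec in (("good", GOOD_RECORD), ("bad", BAD_RECORD)):
        print(name, "zero ServerHello.random:", has_zero_random(rec))
```

A zero random reuses the same key stream across connections whenever the other key-derivation inputs repeat, which is why the check is worth running against any server still on an NSS release before 3.36.5 or 3.39.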
Fixed In Version:
nss 3.36.5, nss 3.39
References:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes
Patches:
https://hg.mozilla.org/projects/nss/rev/2ed9f6afd84e
(NSS_3_39_BRANCH)
https://hg.mozilla.org/projects/nss/rev/46f9a1f40c3d
(NSS_3_36_BRANCH)
(from redmine: issue id 9478, created on 2018-09-27, closed on 2019-05-04)
- Relations:
- parent #9476 (closed)
- Changesets:
- Revision 447318e4 by Natanael Copa on 2018-10-02T13:11:45Z:
main/nss: backport fix for CVE-2018-12384
fixes #9478