Name | CVE-2015-4000 |
Description | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-247-1, DLA-303-1, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3316-1, DSA-3324-1, DSA-3339-1, DSA-3688-1 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
icedove (PTS) | jessie | 1:52.3.0-4~deb8u2 | fixed |
nss (PTS) | jessie, jessie (lts) | 2:3.26-1+debu8u19 | fixed |
stretch (security) | 2:3.26.2-1.1+deb9u5 | fixed | |
stretch (lts), stretch | 2:3.26.2-1.1+deb9u8 | fixed | |
buster, buster (lts) | 2:3.42.1-1+deb10u9 | fixed | |
buster (security) | 2:3.42.1-1+deb10u8 | fixed | |
bullseye | 2:3.61-1+deb11u3 | fixed | |
bullseye (security) | 2:3.61-1+deb11u4 | fixed | |
bookworm | 2:3.87.1-1 | fixed | |
bookworm (security) | 2:3.87.1-1+deb12u1 | fixed | |
sid, trixie | 2:3.106-1 | fixed | |
openjdk-7 (PTS) | jessie, jessie (lts) | 7u321-2.6.28-0+deb8u1 | fixed |
openjdk-8 (PTS) | jessie, jessie (lts) | 8u432-b06-2~deb8u1 | fixed |
stretch (security) | 8u332-ga-1~deb9u1 | fixed | |
stretch (lts), stretch | 8u432-b06-2~deb9u1 | fixed | |
sid | 8u432-b06-2 | fixed | |
openssl (PTS) | jessie, jessie (lts) | 1.0.1t-1+deb8u22 | fixed |
stretch (security) | 1.1.0l-1~deb9u6 | fixed | |
stretch (lts), stretch | 1.1.0l-1~deb9u10 | fixed | |
buster, buster (lts) | 1.1.1n-0+deb10u7 | fixed | |
buster (security) | 1.1.1n-0+deb10u6 | fixed | |
bullseye | 1.1.1w-0+deb11u1 | fixed | |
bullseye (security) | 1.1.1w-0+deb11u2 | fixed | |
bookworm | 3.0.15-1~deb12u1 | fixed | |
bookworm (security) | 3.0.14-1~deb12u2 | fixed | |
sid, trixie | 3.3.2-2 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
icedove | source | wheezy | 31.8.0-1~deb7u1 | DSA-3324-1 | ||
icedove | source | jessie | 31.8.0-1~deb8u1 | DSA-3324-1 | ||
icedove | source | (unstable) | 38.1.0-1 | |||
iceweasel | source | wheezy | 31.8.0esr-1~deb7u1 | DSA-3300-1 | ||
iceweasel | source | jessie | 31.8.0esr-1~deb8u1 | DSA-3300-1 | ||
nss | source | wheezy | 2:3.14.5-1+deb7u7 | DLA-507-1 | ||
nss | source | jessie | 2:3.26-1+debu8u1 | DSA-3688-1 | ||
nss | source | (unstable) | 2:3.19.1-1 | |||
openjdk-6 | source | experimental | 6b36-1.13.8-1 | |||
openjdk-6 | source | squeeze | 6b36-1.13.8-1~deb6u1 | DLA-303-1 | ||
openjdk-6 | source | wheezy | 6b36-1.13.8-1~deb7u1 | DSA-3339-1 | ||
openjdk-6 | source | (unstable) | (unfixed) | |||
openjdk-7 | source | wheezy | 7u79-2.5.6-1~deb7u1 | DSA-3316-1 | ||
openjdk-7 | source | jessie | 7u79-2.5.6-1~deb8u1 | DSA-3316-1 | ||
openjdk-7 | source | (unstable) | 7u79-2.5.6-1 | |||
openjdk-8 | source | (unstable) | 8u66-b01-1 | |||
openssl | source | squeeze | 0.9.8o-4squeeze21 | DLA-247-1 | ||
openssl | source | wheezy | 1.0.1e-2+deb7u17 | DSA-3287-1 | ||
openssl | source | jessie | 1.0.1k-3+deb8u1 | DSA-3287-1 | ||
openssl | source | (unstable) | 1.0.2b-1 |
[squeeze] - nss <no-dsa> (no point in switching min key size so close to EOL)
CVE assigned specific to vulnerability in the TLS protocol that was
disclosed in section 3.2 of the
https://weakdh.org/imperfect-forward-secrecy.pdf paper.
Some links on the status of various implementations/protocols:
IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
OpenSSL 1.0.2b-1 limits it to 768 bit, future versions will increase the limit
GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
NSS/iceweasel/icedove: https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24