Vigil@nce - OpenSSL: Bleichenbacher attack on CMS and PKCS7
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
The Bleichenbacher attack can be used against the OpenSSL
implementation of CMS and PKCS#7, in order to obtain clear text
information, using 2^20 messages.
Severity: 1/4
Creation date: 12/03/2012
IMPACTED PRODUCTS
– OpenSSL
DESCRIPTION OF THE VULNERABILITY
The PKCS#7 format is used to represent a signed or encrypted
document. CMS (Cryptographic Message Syntax) is an improvement of
PKCS#7. S/MIME used PKCS#7, and now uses CMS. TLS/SSL uses neither
PKCS#7 nor CMS.
In 1998, Daniel Bleichenbacher proposed an attack to detect whether
clear data belong to encrypted data in a PKCS#1 block. This attack
is named the "Million Message Attack" because it requires querying
an oracle numerous times.
The Bleichenbacher attack can be used against the OpenSSL
implementation of CMS and PKCS#7, in order to obtain clear text
information, using 2^20 messages.
Technical details are unknown.
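Added example, not part of the Vigil@nce bulletin and not OpenSSL code: what
the "oracle" of the Million Message Attack means for a PKCS#1 v1.5 encryption
block in general, shown as a padding check with distinguishable failures next
to a form that gives the caller nothing to distinguish. The sample blocks,
sizes and function names are constructed for this illustration; it does not
describe the specific OpenSSL flaw, whose details are unknown.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum { N = 16, KLEN = 4 };  /* toy sizes; a real block is as long as the RSA modulus */
/* Constructed samples of a decrypted block: 00 02 | PS (>= 8 nonzero bytes) | 00 | key */
static const uint8_t VALID[N]   = {0,2,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0,0xDE,0xAD,0xBE,0xEF};
static const uint8_t BADHDR[N]  = {0,1,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0,0xDE,0xAD,0xBE,0xEF};
static const uint8_t SHORTPS[N] = {0,2,0x11,0x22,0x33,0,0x55,0x66,0x77,0x88,0x99,0,0xDE,0xAD,0xBE,0xEF};
static const uint8_t FALLBACK[KLEN] = {0xA1,0xA2,0xA3,0xA4}; /* must be fresh random bytes per call in real use */

/* Weak form: each failure has its own code, so the caller (or whoever sees the
   resulting error or timing) learns whether the padding was well formed. */
int unpad_leaky(const uint8_t *em, size_t n)
{
    size_t i = 2;
    if (n < 11 || em[0] != 0x00 || em[1] != 0x02) return -1;  /* bad header */
    while (i < n && em[i] != 0x00) i++;
    if (i == n) return -2;                                    /* no separator */
    if (i < 10) return -3;                                    /* PS shorter than 8 */
    return 0;
}

/* 0xFFFFFFFF when x == 0, otherwise 0, computed without a branch. */
static uint32_t mask_if_zero(uint32_t x) { return 0u - (((x | (0u - x)) >> 31) ^ 1u); }

/* Hardened form for key transport with a known key length: no return value and
   no branch on padding validity. A malformed block yields the fallback key, so
   the failure only surfaces later, as the same error as a wrong key.
   Caller guarantees n >= klen + 11. */
void unpad_hardened(const uint8_t *em, size_t n, const uint8_t *fallback,
                    uint8_t *key, size_t klen)
{
    size_t sep = n - klen - 1, i;
    uint32_t bad = em[0] | (uint32_t)(em[1] ^ 0x02) | em[sep];
    uint8_t good;
    for (i = 2; i < sep; i++) bad |= mask_if_zero(em[i]) & 1u;  /* zero inside PS */
    good = (uint8_t)mask_if_zero(bad);                          /* 0xFF or 0x00 */
    for (i = 0; i < klen; i++)
        key[i] = (uint8_t)((em[sep + 1 + i] & good) | (fallback[i] & (uint8_t)~good));
}

/* Helper for checking: 1 if the hardened path outputs `expect` for block `em`. */
int hardened_yields(const uint8_t *em, const uint8_t *expect)
{
    uint8_t key[KLEN];
    unpad_hardened(em, N, FALLBACK, key, KLEN);
    return memcmp(key, expect, KLEN) == 0;
}
```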
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/OpenSSL-Bleichenbacher-attack-on-CMS-and-PKCS7-11427