PolarSSL Diffie Hellman And RSA Key Exchange Security Bypass Vulnerability

Bugtraq ID:	53610
Class:	Design Error
CVE:	CVE-2012-2130
Remote:	Yes
Local:	No
Published:	Apr 23 2012 12:00AM
Updated:	Oct 17 2013 10:35AM
Credit:	Ruslan Yushchenko
Vulnerable:	Offspark PolarSSL 0.99-pre3 0 Offspark PolarSSL 0.99-pre1 0 Offspark PolarSSL 1.1.1 Offspark PolarSSL 0.99-pre4 Gentoo Linux
Not Vulnerable:	Offspark PolarSSL 1.1.2

PolarSSL Diffie Hellman And RSA Key Exchange Security Bypass Vulnerability

PolarSSL is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

PolarSSL versions 0.99-pre4 through 1.1.1 are vulnerable.

PolarSSL Diffie Hellman And RSA Key Exchange Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

PolarSSL Diffie Hellman And RSA Key Exchange Security Bypass Vulnerability

Solution:
Updates are available. Please see the references for more information.

PolarSSL Diffie Hellman And RSA Key Exchange Security Bypass Vulnerability

References:

• PolarSSL Security Advisory 2012-01 (PolarSSL)
  
• Vendor Homepage (PolarSSL)