Executive Summary

Title: Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities
Name: VU#166743
Vendor: VU-CERT
Severity (vendor): N/A
First vendor publication: 2017-09-08
Last vendor modification: 2017-10-12
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall, base, environmental, impact, temporal and exploitability sub-scores: NA (no CVSS v3 scoring is recorded for this note)

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 4.4 | Attack range: Local
CVSS impact score: 6.4 | Attack complexity: Medium
CVSS exploit score: 3.4 | Authentication: None required

Detail

Vulnerability Note VU#166743

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Original Release date: 08 Sep 2017 | Last revised: 12 Oct 2017

Overview

Das U-Boot is a device bootloader that can read its configuration (the "environment") from an AES-encrypted file. For devices using this environment-encryption mode, U-Boot's use of an all-zero initialization vector and its improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.

Description

CWE-329: Not Using a Random IV with CBC Mode - CVE-2017-3225

Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.
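To make the CWE-329 point concrete, the following is an added illustration and not U-Boot's code (U-Boot's own AES implementation is not reproduced here). It uses a small SHA-256-based Feistel network as a stand-in 16-byte block cipher, because the property shown belongs to CBC mode rather than to AES: with a fixed all-zero IV, two environments that share a prefix, or the same environment on two devices sharing a key, produce identical leading ciphertext blocks, which is what makes the dictionary comparison described above possible. The hardened variant draws a fresh random IV per encryption and stores it in front of the ciphertext. The key, the two environment strings and every function name are constructed for this example.

```python
import hashlib
import os

BLOCK = 16    # 128-bit blocks, as in AES-CBC
ROUNDS = 4

# Stand-in block cipher (NOT AES): a balanced Feistel network whose round
# function is SHA-256 keyed with the cipher key and the round number. Any
# Feistel network is an invertible permutation, which is all CBC mode needs.
def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right

# PKCS#7 padding so an environment of any length fills whole blocks.
def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

# Generic CBC mode over the block cipher above.
def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)

ZERO_IV = bytes(BLOCK)

# Weak pattern from the note: every encryption starts the CBC chain from an
# all-zero IV, so equal plaintext prefixes always give equal ciphertext prefixes.
def encrypt_env_zero_iv(key: bytes, env: bytes) -> bytes:
    return cbc_encrypt(key, ZERO_IV, pkcs7_pad(env))

# Hardened pattern: a fresh random IV per encryption, stored in front of the
# ciphertext so the decryptor can recover it (the IV need not be secret).
def encrypt_env_random_iv(key: bytes, env: bytes, iv=None) -> bytes:
    iv = os.urandom(BLOCK) if iv is None else iv
    return iv + cbc_encrypt(key, iv, pkcs7_pad(env))

def decrypt_env_random_iv(key: bytes, blob: bytes) -> bytes:
    return pkcs7_unpad(cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:]))

def shared_leading_blocks(c1: bytes, c2: bytes) -> int:
    """Number of leading 16-byte blocks on which two ciphertexts agree."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

# Constructed sample data: two device environments that differ only in the
# last digit of serverip, and a constructed 16-byte key.
KEY = b"constructed-key!"
ENV_A = b"bootdelay=3\0bootcmd=run flash_boot\0serverip=10.0.0.1\0"
ENV_B = b"bootdelay=3\0bootcmd=run flash_boot\0serverip=10.0.0.2\0"

if __name__ == "__main__":
    za, zb = encrypt_env_zero_iv(KEY, ENV_A), encrypt_env_zero_iv(KEY, ENV_B)
    print("zero IV: shared leading blocks =", shared_leading_blocks(za, zb))
    ra, rb = encrypt_env_random_iv(KEY, ENV_A), encrypt_env_random_iv(KEY, ENV_B)
    print("random IV: shared leading blocks =",
          shared_leading_blocks(ra[BLOCK:], rb[BLOCK:]))
    assert decrypt_env_random_iv(KEY, ra) == ENV_A
```

With the zero IV, the first three of the four ciphertext blocks of the two environments are identical (the plaintexts agree on their first 51 bytes), so an observer learns exactly how far the two configurations agree and can match known-value blocks across images. With a fresh IV the leading blocks differ even for identical plaintext. Note that a random IV addresses only CWE-329; it does nothing for the parsing-error oracle described under CWE-208, which needs integrity protection of the ciphertext before any parsing takes place.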

CWE-208: Information Exposure Through Timing Discrepancy - CVE-2017-3226

Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.

The immediate failure can be used as an oracle for a Vaudenay-style timing attack on the cryptography, allowing a dedicated attacker to decrypt and potentially modify the contents of the device.

Impact

An attacker with physical access to the device may be able to decrypt the device's contents.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. U-Boot versions prior to 2017.09 contain the vulnerable code; the feature was deprecated and removed in the 2017.09 release.

Vendor Information

Vendor | Status | Date notified | Date updated
Brocade Communication Systems | Not Affected | 03 Jul 2017 | 12 Oct 2017
D-Link Systems, Inc. | Not Affected | 03 Jul 2017 | 18 Aug 2017
Juniper Networks | Not Affected | 03 Jul 2017 | 23 Aug 2017
NXP Semiconductors Inc. | Not Affected | 03 Jul 2017 | 14 Sep 2017
QUALCOMM Incorporated | Not Affected | 03 Jul 2017 | 17 Jul 2017
Texas Instruments | Not Affected | 03 Jul 2017 | 21 Sep 2017
Ubiquiti Networks | Not Affected | 03 Jul 2017 | 18 Jul 2017
Broadcom | Unknown | 03 Jul 2017 | 03 Jul 2017
Cavium | Unknown | 03 Jul 2017 | 03 Jul 2017
Cisco | Unknown | 03 Jul 2017 | 03 Jul 2017
DENX Software | Unknown | 06 Jul 2017 | 06 Jul 2017
Imagination Technologies | Unknown | 03 Jul 2017 | 03 Jul 2017
Marvell Semiconductors | Unknown | 03 Jul 2017 | 03 Jul 2017
Oracle Corporation | Unknown | 03 Jul 2017 | 03 Jul 2017
STMicroelectronics | Unknown | 03 Jul 2017 | 03 Jul 2017

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | 5.6 | AV:L/AC:H/Au:N/C:C/I:C/A:N
Temporal | 5.0 | E:POC/RL:U/RC:C
Environmental | 3.8 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://cwe.mitre.org/data/definitions/208.html
  • http://cwe.mitre.org/data/definitions/329.html

Credit

Thanks to Allan Xavier for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2017-3225, CVE-2017-3226
  • Date Public: 08 Sep 2017
  • Date First Published: 08 Sep 2017
  • Date Last Updated: 12 Oct 2017
  • Document Revision: 54

Original Source

Url : http://www.kb.cert.org/vuls/id/166743

CWE : Common Weakness Enumeration

Share | Id | Name
100% | CWE-310 | Cryptographic Issues

CPE : Common Platform Enumeration

Type | Count
Application | 9

Alert History

Date | Information
2018-10-03 21:22:35 | Multiple Updates
2018-07-24 21:21:46 | Multiple Updates
2017-10-12 17:22:20 | Multiple Updates
2017-09-21 21:22:41 | Multiple Updates
2017-09-14 21:22:41 | Multiple Updates
2017-09-08 21:23:17 | First insertion