By posing as a man in the middle and modifying packets as the secure communication is set up, it is possible for an attacker to force the calculation of a fully predictable Diffie-Hellman secret.
The cipher suites that may be affected (depending on other variables) are:
In case full authentication (client and server certificates) is used, no man-in-the-middle attack seems possible.
polarssl-0.14.2 just added to main tree
Thank you. Arches, please stabilize =net-libs/polarssl-0.14.2
Created attachment 266255
Build log
Problem with the tests, but it compiles.
x86 stable. No issues with build or tests.
(In reply to comment #3)
> Created attachment 266255 [details]
> Build log
> Problem with the tests, but it compiles.
Install and run the test suite again.
Stable for HPPA.
amd64 done. Thanks, Agostino.
Thanks, folks. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
Please punt vulnerable versions.
(In reply to comment #10)
> Please punt vulnerable versions.
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before
0.14.2 does not properly validate a public parameter, which makes it easier
for man-in-the-middle attackers to obtain the shared secret key by modifying
network traffic, a related issue to CVE-2011-5095.
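The check the CVE text says was missing, as an added illustration (not PolarSSL's dhm.c code): a peer's Diffie-Hellman public value must be rejected unless 2 <= Y <= p-2, because Y in {0, 1, p-1} makes Y^x mod p predictable whatever private exponent x we choose. The prime and values below are constructed toy parameters, not anything from the advisory.

```python
# Added example: validating a peer's DH public value before using it.
# Not PolarSSL code; p and the sample values are constructed toy parameters.

def validate_dh_public_value(y: int, p: int) -> bool:
    """Return True only if y is a usable DH public value modulo prime p.

    y = 0 or 1 gives a shared secret of 0 or 1; y = p-1 gives +1 or -1 (mod p).
    Each is computable without knowing our private exponent, which is the
    man-in-the-middle condition the advisory describes.
    """
    return 2 <= y <= p - 2


def dh_shared_secret(peer_y: int, priv_x: int, p: int, check: bool = True) -> int:
    """Compute peer_y^priv_x mod p, refusing degenerate peer values if check."""
    if check and not validate_dh_public_value(peer_y, p):
        raise ValueError("invalid Diffie-Hellman public value from peer")
    return pow(peer_y, priv_x, p)


def forced_secrets(p: int, priv_x: int) -> dict:
    """Show what an unchecked implementation would derive for each bad Y.

    The result does not depend on priv_x for Y in {0, 1} and is +/-1 for p-1.
    """
    return {y: dh_shared_secret(y, priv_x, p, check=False) for y in (0, 1, p - 1)}


if __name__ == "__main__":
    P = 23          # constructed toy prime; real parameters are 2048+ bits
    X = 15          # constructed private exponent
    GOOD_Y = 8      # a legitimate-looking peer value
    print("accepted:", dh_shared_secret(GOOD_Y, X, P))
    print("unchecked results for degenerate Y:", forced_secrets(P, X))
    for bad_y in (0, 1, P - 1):
        try:
            dh_shared_secret(bad_y, X, P)
        except ValueError as exc:
            print(f"Y={bad_y}: rejected ({exc})")
```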
This issue was resolved and addressed in
GLSA 201310-10 at http://security.gentoo.org/glsa/glsa-201310-10.xml
by GLSA coordinator Sergey Popov (pinkbyte).