CVE-2015-4000
Publication date 20 May 2015
Last updated 24 July 2024
Ubuntu priority
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| apache2 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| firefox | ||
| 18.04 LTS bionic |
Fixed 39.0+build5-0ubuntu1
|
|
| 16.04 LTS xenial |
Fixed 39.0+build5-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 39.0+build5-0ubuntu0.14.04.1
|
|
| gnutls26 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Not affected
|
|
| gnutls28 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| nss | ||
| 18.04 LTS bionic |
Fixed 2:3.19.2-1ubuntu1
|
|
| 16.04 LTS xenial |
Fixed 2:3.19.2-1ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 2:3.19.2-0ubuntu0.14.04.1
|
|
| openjdk-6 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 6b36-1.13.8-0ubuntu1~14.04
|
|
| openjdk-7 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 7u79-2.5.6-0ubuntu1.14.04.1
|
|
| openjdk-8 | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| openssl | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Fixed 1.0.1f-1ubuntu2.12
|
|
| openssl098 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| thunderbird | ||
| 18.04 LTS bionic |
Fixed 1:31.8.0+build1-0ubuntu1
|
|
| 16.04 LTS xenial |
Fixed 1:31.8.0+build1-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 1:31.8.0+build1-0ubuntu0.14.04.1
|
|
Notes
mdeslaur
USN-2624-1 disables export ciphers completely in openssl USN-2625-1 disables export ciphers in apache2 in precise
seth-arnold
USN-2639-1 disables <768 bit dh parameters in openssl
mdeslaur
USN-2672-1 disables <768 bit dh parameters in nss
sbeattie
USN-2696-1 disables <768 bit dh parameters in openjdk-7
mdeslaur
gnutls isn't vulnerable to this issue and rejects small dh keys by default. On precise and trusty, the gnutls-cli tool unfortunately sets the minimum dh size to 512 using gnutls_dh_set_prime_bits(), so that must be disabled to test using the command line tool.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.7 · Low
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- 2696-1
- OpenJDK 7 vulnerabilities
- 30 July 2015
- USN-2706-1
- OpenJDK 6 vulnerabilities
- 6 August 2015
- USN-2673-1
- Thunderbird vulnerabilities
- 20 July 2015
- USN-2696-1
- OpenJDK 7 vulnerabilities
- 30 July 2015
- USN-2656-1
- Firefox vulnerabilities
- 9 July 2015
- USN-2656-2
- Firefox vulnerabilities
- 15 July 2015
Other references
- https://weakdh.org/imperfect-forward-secrecy.pdf
- https://weakdh.org/
- https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
- https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
- http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
- https://access.redhat.com/articles/1456263
- https://wiki.myasnchisdf.eu.org/SecurityTeam/KnowledgeBase/LogJam
- https://www.cve.org/CVERecord?id=CVE-2015-4000