CVE-2016-2183
Publication date 31 August 2016
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Status
Package | Ubuntu Release | Status |
---|---|---|
gnutls26 | 18.04 LTS bionic | Not in release |
gnutls26 | 16.04 LTS xenial | Not in release |
gnutls26 | 14.04 LTS trusty | Not affected |
gnutls28 | 18.04 LTS bionic | Not affected |
gnutls28 | 16.04 LTS xenial | Not affected |
gnutls28 | 14.04 LTS trusty | Not in release |
nss | 18.04 LTS bionic | Fixed 2:3.28.4-0ubuntu1 |
nss | 16.04 LTS xenial | Fixed 2:3.28.4-0ubuntu0.16.04.1 |
nss | 14.04 LTS trusty | Fixed 2:3.28.4-0ubuntu0.14.04.1 |
openjdk-6 | 18.04 LTS bionic | Not in release |
openjdk-6 | 16.04 LTS xenial | Not in release |
openjdk-6 | 14.04 LTS trusty | Fixed 6b41-1.13.13-0ubuntu0.14.04.1 |
openjdk-7 | 18.04 LTS bionic | Not in release |
openjdk-7 | 16.04 LTS xenial | Not in release |
openjdk-7 | 14.04 LTS trusty | Fixed 7u121-2.6.8-1ubuntu0.14.04.3 |
openjdk-8 | 18.04 LTS bionic | Not affected |
openjdk-8 | 16.04 LTS xenial | Fixed 8u121-b13-0ubuntu1.16.04.2 |
openjdk-8 | 14.04 LTS trusty | Not in release |
openssl | 18.04 LTS bionic | Fixed 1.0.2g-1ubuntu9 |
openssl | 16.04 LTS xenial | Fixed 1.0.2g-1ubuntu4.4 |
openssl | 14.04 LTS trusty | Fixed 1.0.1f-1ubuntu2.20 |
openssl098 | 18.04 LTS bionic | Not in release |
openssl098 | 16.04 LTS xenial | Not in release |
openssl098 | 14.04 LTS trusty | Not in release |
Notes
mdeslaur
DES ciphers aren't typically selected as there are other stronger ciphers placed earlier in default cipher lists.
gnutls puts AES before 3DES in the cipher list.
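The following is an added example, not code from Ubuntu or from any of the affected packages. It checks the two points made above: whether DES/3DES suites are present and preferred in an ordered cipher list, and how the collision probability grows with data encrypted under one key. The function names and the sample cipher lists are constructed for illustration, and matching on the substring "DES" is an assumption about OpenSSL-style and IANA-style suite names.

```python
import math

def audit_cipher_order(ordered_suites):
    """Return (DES/3DES suites with their preference index, and True if any
    of them is preferred over a suite that does not use DES/3DES)."""
    # Assumption: DES and Triple DES suite names, OpenSSL or IANA style,
    # contain the substring "DES"; AES and ChaCha20 suite names do not.
    flagged = [(i, s) for i, s in enumerate(ordered_suites) if "DES" in s.upper()]
    flagged_idx = {i for i, _ in flagged}
    others = [i for i in range(len(ordered_suites)) if i not in flagged_idx]
    outranks = bool(flagged and others and flagged[0][0] < max(others))
    return flagged, outranks

def collision_probability(bytes_under_one_key, block_bits=64):
    """Birthday approximation 1 - exp(-n(n-1) / 2^(b+1)) for n cipher blocks."""
    n = bytes_under_one_key // (block_bits // 8)
    return -math.expm1(-(n * (n - 1)) / 2 ** (block_bits + 1))

if __name__ == "__main__":
    # Constructed sample lists, most preferred suite first.
    samples = {
        "aes-first": ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA", "DES-CBC3-SHA"],
        "3des-first": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"],
    }
    for name, suites in samples.items():
        flagged, outranks = audit_cipher_order(suites)
        print(f"{name}: 64-bit block suites {flagged}, preferred over stronger: {outranks}")

    # Collision probability for a 64-bit block cipher versus a 128-bit one.
    for gib in (1, 32, 256):
        size = gib * 2 ** 30
        print(f"{gib:>4} GiB  64-bit block: {collision_probability(size):.4f}  "
              f"128-bit block: {collision_probability(size, 128):.3e}")
```

A list where 3DES appears only after the AES suites still allows 3DES to be negotiated with a peer that offers nothing stronger, so presence in the first return value is worth reviewing even when the second is False.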
Patch details
Package | Patch details |
---|---|
nss | |
openssl |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3372-1: NSS vulnerability (31 July 2017)
- USN-3198-1: OpenJDK 6 vulnerabilities (16 February 2017)
- USN-3179-1: OpenJDK 8 vulnerabilities (25 January 2017)
- USN-3270-1: NSS vulnerabilities (27 April 2017)
- USN-3087-1: OpenSSL vulnerabilities (22 September 2016)
- USN-3194-1: OpenJDK 7 vulnerabilities (9 February 2017)
Other references
- https://sweet32.info/
- https://access.redhat.com/articles/2548661
- https://access.redhat.com/security/cve/cve-2016-2183
- https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
- https://community.qualys.com/thread/16555
- https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633
- https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb05575
- https://twitter.com/symantec/status/768786631159603200
- https://www.ietf.org/mail-archive/web/tls/current/msg04560.html
- https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/
- https://www.openssl.org/blog/blog/2016/08/24/sweet32/
- https://www.sigsac.org/ccs/CCS2016/accepted-papers/
- https://www.suse.com/security/cve/CVE-2016-2183.html
- https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/5d2bb853ae31
- https://www.cve.org/CVERecord?id=CVE-2016-2183