CVE-2015-4000

Published: 20 May 2015

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Priority

Medium

CVSS 3 base score: 3.7

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(2.4.7-1ubuntu4.4)
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (39.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (39.0+build5-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (39.0+build5-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [39.0+build5-0ubuntu0.14.04.1])
gnutls26
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

gnutls28
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)
nss
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:3.19.2-1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2:3.19.2-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:3.19.2-0ubuntu0.14.04.1)
openjdk-6
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [6b36-1.13.8-0ubuntu1~14.04])
openjdk-7
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [7u79-2.5.6-0ubuntu1.14.04.1])
openjdk-8
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(8u66-b17-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(8u66-b17-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

openssl
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.0.2a-1ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.0.2a-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.0.1f-1ubuntu2.12)
openssl098
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (31.8)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:31.8.0+build1-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:31.8.0+build1-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1])

Notes

AuthorNote
mdeslaur
USN-2624-1 disables export ciphers completely in openssl
USN-2625-1 disables export ciphers in apache2 in precise
seth-arnold
USN-2639-1 disables <768 bit dh parameters in openssl
mdeslaur
USN-2672-1 disables <768 bit dh parameters in nss
sbeattie
USN-2696-1 disables <768 bit dh parameters in openjdk-7
mdeslaur
gnutls isn't vulnerable to this issue and rejects small dh
keys by default. On precise and trusty, the gnutls-cli tool
unfortunately sets the minimum dh size to 512 using
gnutls_dh_set_prime_bits(), so that must be disabled to test
using the command line tool.

References