Your submission was sent successfully! Close

CVE-2015-4000

Published: 20 May 2015

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Priority

Medium

CVSS 3 base score: 3.7

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

precise
Released (2.2.22-1ubuntu1.9)
trusty Not vulnerable
(2.4.7-1ubuntu4.4)
upstream Needs triage

utopic Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable

firefox
Launchpad, Ubuntu, Debian
artful
Released (39.0+build5-0ubuntu1)
bionic
Released (39.0+build5-0ubuntu1)
cosmic
Released (39.0+build5-0ubuntu1)
disco
Released (39.0+build5-0ubuntu1)
precise Does not exist
(precise was released [39.0+build5-0ubuntu0.12.04.2])
trusty Does not exist
(trusty was released [39.0+build5-0ubuntu0.14.04.1])
upstream
Released (39.0)
utopic
Released (39.0+build5-0ubuntu0.14.10.1)
vivid
Released (39.0+build5-0ubuntu0.15.04.1)
wily
Released (39.0+build5-0ubuntu1)
xenial
Released (39.0+build5-0ubuntu1)
yakkety
Released (39.0+build5-0ubuntu1)
zesty
Released (39.0+build5-0ubuntu1)
gnutls26
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

utopic Not vulnerable

vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
artful Not vulnerable

bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

precise Does not exist
(precise was not-affected)
trusty Does not exist
(trusty was not-affected)
upstream Needs triage

utopic Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable

nss
Launchpad, Ubuntu, Debian
artful
Released (2:3.19.2-1ubuntu1)
bionic
Released (2:3.19.2-1ubuntu1)
cosmic
Released (2:3.19.2-1ubuntu1)
disco
Released (2:3.19.2-1ubuntu1)
precise
Released (3.19.2-0ubuntu0.12.04.1)
trusty
Released (2:3.19.2-0ubuntu0.14.04.1)
upstream Needs triage

utopic
Released (2:3.19.2-0ubuntu0.14.10.1)
vivid
Released (2:3.19.2-0ubuntu15.04.1)
wily
Released (2:3.19.2-1ubuntu1)
xenial
Released (2:3.19.2-1ubuntu1)
yakkety
Released (2:3.19.2-1ubuntu1)
zesty
Released (2:3.19.2-1ubuntu1)
openjdk-6
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was released [6b36-1.13.8-0ubuntu1~12.04])
trusty Does not exist
(trusty was released [6b36-1.13.8-0ubuntu1~14.04])
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid
Released (6b36-1.13.8-0ubuntu1~15.04.1)
wily Not vulnerable
(6b36-1.13.8-0ubuntu1)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

openjdk-7
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was released [7u79-2.5.6-0ubuntu1.12.04.1])
trusty Does not exist
(trusty was released [7u79-2.5.6-0ubuntu1.14.04.1])
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid
Released (7u79-2.5.6-0ubuntu1.15.04.1)
wily Not vulnerable
(7u79-2.5.6-1)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

openjdk-8
Launchpad, Ubuntu, Debian
artful Not vulnerable
(8u66-b17-1)
bionic Not vulnerable
(8u66-b17-1)
cosmic Not vulnerable
(8u66-b17-1)
disco Not vulnerable
(8u66-b17-1)
precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily
Released (8u66-b17-1)
xenial Not vulnerable
(8u66-b17-1)
yakkety Not vulnerable
(8u66-b17-1)
zesty Not vulnerable
(8u66-b17-1)
openssl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(1.0.2a-1ubuntu1)
bionic Not vulnerable
(1.0.2a-1ubuntu1)
cosmic Not vulnerable
(1.0.2a-1ubuntu1)
disco Not vulnerable
(1.0.2a-1ubuntu1)
precise
Released (1.0.1-4ubuntu5.28)
trusty
Released (1.0.1f-1ubuntu2.12)
upstream Needs triage

utopic
Released (1.0.1f-1ubuntu9.5)
vivid
Released (1.0.1f-1ubuntu11.1)
wily Not vulnerable
(1.0.2a-1ubuntu1)
xenial Not vulnerable
(1.0.2a-1ubuntu1)
yakkety Not vulnerable
(1.0.2a-1ubuntu1)
zesty Not vulnerable
(1.0.2a-1ubuntu1)
openssl098
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream Needs triage

utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

thunderbird
Launchpad, Ubuntu, Debian
artful
Released (1:31.8.0+build1-0ubuntu1)
bionic
Released (1:31.8.0+build1-0ubuntu1)
cosmic
Released (1:31.8.0+build1-0ubuntu1)
disco
Released (1:31.8.0+build1-0ubuntu1)
precise Does not exist
(precise was released [1:31.8.0+build1-0ubuntu0.12.04.1])
trusty Does not exist
(trusty was released [1:31.8.0+build1-0ubuntu0.14.04.1])
upstream
Released (31.8)
utopic
Released (1:31.8.0+build1-0ubuntu0.14.10.1)
vivid
Released (1:31.8.0+build1-0ubuntu0.15.04.1)
wily
Released (1:31.8.0+build1-0ubuntu1)
xenial
Released (1:31.8.0+build1-0ubuntu1)
yakkety
Released (1:31.8.0+build1-0ubuntu1)
zesty
Released (1:31.8.0+build1-0ubuntu1)

Notes

AuthorNote
mdeslaur
USN-2624-1 disables export ciphers completely in openssl
USN-2625-1 disables export ciphers in apache2 in precise
seth-arnold
USN-2639-1 disables <768 bit dh parameters in openssl
mdeslaur
USN-2672-1 disables <768 bit dh parameters in nss
sbeattie
USN-2696-1 disables <768 bit dh parameters in openjdk-7
mdeslaur
gnutls isn't vulnerable to this issue and rejects small dh
keys by default. On precise and trusty, the gnutls-cli tool
unfortunately sets the minimum dh size to 512 using
gnutls_dh_set_prime_bits(), so that must be disabled to test
using the command line tool.

References

Bugs