CVE-2015-2808 Information
Description
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.