SUSE Support

Security Vulnerability: DHEater aka CVE-2002-20001 / CVE-2022-40735 / CVE-2024-41996

This document (000020510) is provided subject to the disclaimer at the end of this document.

Environment

Situation

Security researchers from Balasys have published a new attack on the Diffie-Hellman key exchange that allows remote attackers to target network-facing SSL / TLS / HTTPS / SSH services, causing excessive compute time usage while sending only small amounts of network traffic, even before authentication.

All applications on SUSE Linux Enterprise that have DHE enabled are affected. The Diffie-Hellman Ephemeral (DHE) key exchange is usually enabled by default to provide perfect forward secrecy.

Note that Elliptic Curve Diffie-Hellman is not affected by this problem.

Resolution

There are currently no code fixes, as this is a protocol-level problem.

SUSE continues to monitor if and when cryptographic libraries develop and implement countermeasures in their Diffie-Hellman code, and will then backport those fixes. Until then, the DHE key exchange method should be disabled and the Elliptic Curve Diffie-Hellman method used instead as a workaround.

SUSE currently recommends disabling the DHE key exchange until a technological solution can be found, using the methods listed in the "Additional Information" section. While we use DEFAULT_SUSE as the default cipher set, removing DHE unconditionally could break existing setups, so SUSE will not remove it proactively at this time.
 

Status

Security Alert

Additional Information

Workaround
A workaround is to temporarily disable the DHE key exchange and use only ECDHE (Elliptic Curve Diffie-Hellman) in network services that use SSL / TLS / HTTPS. You need to check that this does not cause interoperability issues.

Apache2:
In the SSL vhost config, add the !kDHE modifier to the SSLCipherSuite in use, e.g. in /etc/apache2/ssl-global.conf or in local overriding vhost configs, for example:
    SSLCipherSuite DEFAULT_SUSE:!kDHE
NGINX:
    ssl_ciphers ...:!kDHE;
Postfix:
    tls_medium_cipherlist ...:!kDHE

openssh:
Disable the Diffie-Hellman key exchange methods by adding to or using KexAlgorithms in /etc/ssh.d/sshd_config:
KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group1-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha512
For SLES12 SP5:
KexAlgorithms diffie-hellman-group1-sha256,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group15-sha256,diffie-hellman-group15-sha512,diffie-hellman-group16-sha256,diffie-hellman-group16-sha512,diffie-hellman-group17-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha512
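
To verify that the workaround is in place, the following added example (not SUSE's code) flags cipher directives that lack the !kDHE modifier and lists any diffie-hellman-* methods still present in the effective configuration printed by `sshd -T`. The function names and the sample inputs are constructed for illustration.

```python
import re

# Directives named in the workaround whose value is an OpenSSL cipher string.
CIPHER_DIRECTIVES = {"sslciphersuite", "ssl_ciphers", "tls_medium_cipherlist"}

def cipher_lines_missing_exclusion(config_text):
    """Return (line_no, directive) for cipher directives without !kDHE."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        # Drop comments, indentation and the nginx statement terminator.
        line = raw.split("#", 1)[0].strip().rstrip(";")
        m = re.match(r"(\w+)\s*=?\s*(\S.*)$", line)
        if not m or m.group(1).lower() not in CIPHER_DIRECTIVES:
            continue
        # OpenSSL accepts ':', ',' or space between cipher string elements.
        tokens = re.split(r"[:, ]+", m.group(2).strip("\"'"))
        if "!kDHE" not in tokens:
            findings.append((no, m.group(1)))
    return findings

def dh_kex_still_enabled(sshd_t_output):
    """Return finite-field DH methods left in the effective 'sshd -T' dump."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return [k for k in value.split(",") if k.startswith("diffie-hellman-")]
    return []

# Constructed sample inputs, not taken from a real system.
SAMPLE_CONFIG = """\
SSLCipherSuite DEFAULT_SUSE:!kDHE
    ssl_ciphers HIGH:!aNULL;
tls_medium_cipherlist = HIGH:!aNULL:!kDHE
"""
SAMPLE_SSHD_T = """\
port 22
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
"""

if __name__ == "__main__":
    for no, directive in cipher_lines_missing_exclusion(SAMPLE_CONFIG):
        print(f"line {no}: {directive} does not exclude kDHE")
    for kex in dh_kex_still_enabled(SAMPLE_SSHD_T):
        print(f"sshd still offers {kex}")
```

The first function only checks one configuration text at a time; run it over every file that can override the cipher setting, such as local vhost configs.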

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000020510
  • Creation Date: 18-Nov-2021
  • Modified Date: 26-Aug-2024
    • SUSE Linux Enterprise Server
