CVE-2015-4000

NameCVE-2015-4000
DescriptionThe TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-247-1, DLA-303-1, DLA-507-1, DSA-3287-1, DSA-3300-1, DSA-3316-1, DSA-3324-1, DSA-3339-1, DSA-3688-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nss (PTS)buster2:3.42.1-1+deb10u5fixed
buster (security)2:3.42.1-1+deb10u8fixed
bullseye (security), bullseye2:3.61-1+deb11u3fixed
bookworm2:3.87.1-1fixed
sid, trixie2:3.99-1fixed
openjdk-8 (PTS)sid8u402-ga-6fixed
openssl (PTS)buster1.1.1n-0+deb10u3fixed
buster (security)1.1.1n-0+deb10u6fixed
bullseye1.1.1w-0+deb11u1fixed
bullseye (security)1.1.1n-0+deb11u5fixed
bookworm, bookworm (security)3.0.11-1~deb12u2fixed
trixie3.1.5-1fixed
sid3.1.5-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icedovesourcewheezy31.8.0-1~deb7u1DSA-3324-1
icedovesourcejessie31.8.0-1~deb8u1DSA-3324-1
icedovesource(unstable)38.1.0-1
iceweaselsourcewheezy31.8.0esr-1~deb7u1DSA-3300-1
iceweaselsourcejessie31.8.0esr-1~deb8u1DSA-3300-1
nsssourcewheezy2:3.14.5-1+deb7u7DLA-507-1
nsssourcejessie2:3.26-1+debu8u1DSA-3688-1
nsssource(unstable)2:3.19.1-1
openjdk-6sourceexperimental6b36-1.13.8-1
openjdk-6sourcesqueeze6b36-1.13.8-1~deb6u1DLA-303-1
openjdk-6sourcewheezy6b36-1.13.8-1~deb7u1DSA-3339-1
openjdk-6source(unstable)(unfixed)
openjdk-7sourcewheezy7u79-2.5.6-1~deb7u1DSA-3316-1
openjdk-7sourcejessie7u79-2.5.6-1~deb8u1DSA-3316-1
openjdk-7source(unstable)7u79-2.5.6-1
openjdk-8source(unstable)8u66-b01-1
opensslsourcesqueeze0.9.8o-4squeeze21DLA-247-1
opensslsourcewheezy1.0.1e-2+deb7u17DSA-3287-1
opensslsourcejessie1.0.1k-3+deb8u1DSA-3287-1
opensslsource(unstable)1.0.2b-1

Notes

[squeeze] - nss <no-dsa> (no point in switching min key size so close to EOL)
CVE assigned specific to vulnerability in the TLS protocol that was
disclosed in section 3.2 of the
https://weakdh.org/imperfect-forward-secrecy.pdf paper.
Some links on the status of various implementations/protocols:
IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
OpenSSL 1.0.2b-1 limits it to 768 bit, future versions will increase the limit
GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
NSS/iceweasel/icedove: https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24

Search for package or bug name: Reporting problems