The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections.
Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 40
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Openssl Openssl
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
|
1.0.2
|
<= 1.0.2v
|
|
Canonical Ubuntu_Linux
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
|
— | — |
|
Canonical Ubuntu_Linux
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
|
— | — |
|
Debian Debian_Linux
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
— | — |
|
Oracle Jd_Edwards_World_Security
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
|
— | — |
|
Oracle Peoplesoft_Enterprise_Peopletools
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
|
— | — |
|
Oracle Peoplesoft_Enterprise_Peopletools
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
|
— | — |
|
Oracle Peoplesoft_Enterprise_Peopletools
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es2-64_Firmware
cpe:2.3:o:oracle:ethernet_switch_es2-64_firmware:2.0.0.14:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es2-64
cpe:2.3:h:oracle:ethernet_switch_es2-64:-:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es2-72_Firmware
cpe:2.3:o:oracle:ethernet_switch_es2-72_firmware:2.0.0.14:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es2-72
cpe:2.3:h:oracle:ethernet_switch_es2-72:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-1_Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M10-1
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-4_Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M10-4
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-4s_Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M10-4s
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-1_Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M12-1
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-2_Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M12-2
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-2s_Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
|
— |
xcp2400
|
|
Fujitsu M12-2s
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-1_Firmware
cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M10-1
cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-4_Firmware
cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M10-4
cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M10-4s_Firmware
cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M10-4s
cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-1_Firmware
cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M12-1
cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-2_Firmware
cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M12-2
cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*
|
— | — |
|
Fujitsu M12-2s_Firmware
cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*
|
— |
xcp3100
|
|
Fujitsu M12-2s
cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es1-24_Firmware
cpe:2.3:o:oracle:ethernet_switch_es1-24_firmware:1.3.1:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Es1-24
cpe:2.3:h:oracle:ethernet_switch_es1-24:-:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Tor-72_Firmware
cpe:2.3:o:oracle:ethernet_switch_tor-72_firmware:1.2.2:*:*:*:*:*:*:*
|
— | — |
|
Oracle Ethernet_Switch_Tor-72
cpe:2.3:h:oracle:ethernet_switch_tor-72:-:*:*:*:*:*:*:*
|
— | — |
References 10
https://lists.debian.org/debian-lts-announce/2020/09/msg00016.html
openssl-security@openssl.org
https://security.gentoo.org/glsa/202210-02
openssl-security@openssl.org
https://security.netapp.com/advisory/ntap-20200911-0004/
openssl-security@openssl.org
https://usn.ubuntu.com/4504-1/
openssl-security@openssl.org
https://www.openssl.org/news/secadv/20200909.txt
openssl-security@openssl.org
https://www.oracle.com//security-alerts/cpujul2021.html
openssl-security@openssl.org
https://www.oracle.com/security-alerts/cpuApr2021.html
openssl-security@openssl.org
https://www.oracle.com/security-alerts/cpuapr2022.html
openssl-security@openssl.org
https://www.oracle.com/security-alerts/cpujan2021.html
openssl-security@openssl.org
https://www.oracle.com/security-alerts/cpuoct2021.html
openssl-security@openssl.org