Author Topic: Serious security vulnerability on Debian/Ubuntu (Read 1210 times)

Piru · « **on:** May 13, 2008, 06:30:38 PM »

Quote

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

...

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections.

DSA-1571-1 openssl -- predictable random number generator
USN-612-2: OpenSSH vulnerability

Piru · « **Reply #1 on:** May 14, 2008, 10:34:49 PM »

More details about the vulnerability:

http://wiki.debian.org/SSLkeys
http://metasploit.com/users/hdm/tools/debian-openssl/

zyphoid · « **Reply #2 on:** May 14, 2008, 10:59:56 PM »

oh man! that needs a quick fix!

Piru · « **Reply #3 on:** May 15, 2008, 12:44:49 AM »

There fix is there already. The problem is that not everyone updates their boxes daily.

lorddef · « **Reply #4 on:** May 15, 2008, 06:01:57 PM »

Patched our servers yesterday morning.

leirbag28 · « **Reply #5 on:** May 15, 2008, 07:01:27 PM »

@zyphoid

How about selling me your favorite system? :-)

Author Topic: Serious security vulnerability on Debian/Ubuntu (Read 1210 times)

Piru

Serious security vulnerability on Debian/Ubuntu

Piru

Re: Serious security vulnerability on Debian/Ubuntu

zyphoid

Re: Serious security vulnerability on Debian/Ubuntu

Piru

Re: Serious security vulnerability on Debian/Ubuntu

lorddef

Re: Serious security vulnerability on Debian/Ubuntu

leirbag28

Re: Serious security vulnerability on Debian/Ubuntu