M
MEB
Technical Cyber Security Alert TA08-137A -- Debian/Ubuntu OpenSSL Random
Number Generator Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-137A
Debian/Ubuntu OpenSSL Random Number Generator Vulnerability
Original release date: May 16, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Debian, Ubuntu, and Debian-based distributions
Overview
A vulnerability in the OpenSSL package included with the Debian
GNU/Linux operating system and its derivatives may cause weak
cryptographic keys to be generated. Any package that uses the affected
version of SSL could be vulnerable.
I. Description
A vulnerabiliity exists in the random number generator used by the
OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other
Debian-based operating systems. This vulnerability causes the
generated numbers to be predictable.
The result of this error is that certain encryption keys are much more
common than they should be. This vulnerability affects cryptographic
applications that use keys generated by the flawed versions of the
OpenSSL package. Affected keys include, but may not be limited to, SSH
keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509
certificates and session keys used in SSL/TLS connections. Any of
these keys generated using the affected systems on or after 2006-09-17
may be vulnerable. Keys generated with GnuPG, GNUTLS, ccrypt, or other
encryption utilities that do not use OpenSSL are not vulnerable
because these applications use their own random number generators.
II. Impact
A remote, unauthenticated attacker may be able to guess secret key
material. The attacker may also be able to gain authenticated access
to the system through the affected service or perform
man-in-the-middle attacks.
III. Solution
Upgrade
Debian and Ubuntu have released fixed versions of OpenSSL to address
this issue. System administrators can use the ssh-vulnkey application
to check for compromised or weak SSH keys. After applying updates,
clients using weak keys may be refused by servers.
Workaround
Until updates can be applied, administrators and users are encouraged
to restrict access to vulnerable servers. Debian- and Ubuntu-based
systems can use iptables, iptables configuration tools, or
tcp-wrappers to limit access.
IV. References
* DSA-1571-1 openssl - predictable random number generator -
<http://www.debian.org/security/2008/dsa-1571>
* Debian wiki - SSL keys - <http://wiki.debian.org/SSLkeys>
* Ubuntu OpenSSL vulnerability -
<http://www.ubuntu.com/usn/usn-612-1>
* Ubuntu OpenSSH vulnerability -
<http://www.ubuntu.com/usn/usn-612-2>
* Ubuntu OpenVPN vulnerability -
<http://www.ubuntu.com/usn/usn-612-3>Ubuntu SSL-cert vulnerability
* Ubuntu OpenSSH update - <http://www.ubuntu.com/usn/usn-612-5>
* Ubuntu OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>
* OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-137A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-137A Feedback VU#925211" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 16, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSC3OLvRFkHkM87XOAQIY6Qf/RywAJKkMBte71mgV+XKHOFH9yLy+vOGs
HlC35oyfpijFSPI1TyYpN9vvpvfhL8DDDG6/dNBt+u1uVskcurb5Rh1UMmpEEFg0
kVGos6JDD18T6JpfgvEY9k+4iVAGApNirEYRDsKFVRho/3CaJQ6Tdp/jf3NEzmNE
DPgsEA0n825kBd0dr/v3yT5S9wYsn5x9n6OfyHShXVwYPK/V3jEXbU0uZo0Nt7HX
L0FIVTz5tMWIm1LoTsh+GeE0dsnsg/0+qf1jRRq66GQ+3eMGO/wepTbUmqGCXF0s
I+O756V/mDxrPePJRNcpCjtGZCEjtMNJ4fZPQhosxbNVPpvDV5rGlQ==
=93LZ
-----END PGP SIGNATURE-----
Number Generator Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-137A
Debian/Ubuntu OpenSSL Random Number Generator Vulnerability
Original release date: May 16, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Debian, Ubuntu, and Debian-based distributions
Overview
A vulnerability in the OpenSSL package included with the Debian
GNU/Linux operating system and its derivatives may cause weak
cryptographic keys to be generated. Any package that uses the affected
version of SSL could be vulnerable.
I. Description
A vulnerabiliity exists in the random number generator used by the
OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other
Debian-based operating systems. This vulnerability causes the
generated numbers to be predictable.
The result of this error is that certain encryption keys are much more
common than they should be. This vulnerability affects cryptographic
applications that use keys generated by the flawed versions of the
OpenSSL package. Affected keys include, but may not be limited to, SSH
keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509
certificates and session keys used in SSL/TLS connections. Any of
these keys generated using the affected systems on or after 2006-09-17
may be vulnerable. Keys generated with GnuPG, GNUTLS, ccrypt, or other
encryption utilities that do not use OpenSSL are not vulnerable
because these applications use their own random number generators.
II. Impact
A remote, unauthenticated attacker may be able to guess secret key
material. The attacker may also be able to gain authenticated access
to the system through the affected service or perform
man-in-the-middle attacks.
III. Solution
Upgrade
Debian and Ubuntu have released fixed versions of OpenSSL to address
this issue. System administrators can use the ssh-vulnkey application
to check for compromised or weak SSH keys. After applying updates,
clients using weak keys may be refused by servers.
Workaround
Until updates can be applied, administrators and users are encouraged
to restrict access to vulnerable servers. Debian- and Ubuntu-based
systems can use iptables, iptables configuration tools, or
tcp-wrappers to limit access.
IV. References
* DSA-1571-1 openssl - predictable random number generator -
<http://www.debian.org/security/2008/dsa-1571>
* Debian wiki - SSL keys - <http://wiki.debian.org/SSLkeys>
* Ubuntu OpenSSL vulnerability -
<http://www.ubuntu.com/usn/usn-612-1>
* Ubuntu OpenSSH vulnerability -
<http://www.ubuntu.com/usn/usn-612-2>
* Ubuntu OpenVPN vulnerability -
<http://www.ubuntu.com/usn/usn-612-3>Ubuntu SSL-cert vulnerability
* Ubuntu OpenSSH update - <http://www.ubuntu.com/usn/usn-612-5>
* Ubuntu OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>
* OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-137A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-137A Feedback VU#925211" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 16, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSC3OLvRFkHkM87XOAQIY6Qf/RywAJKkMBte71mgV+XKHOFH9yLy+vOGs
HlC35oyfpijFSPI1TyYpN9vvpvfhL8DDDG6/dNBt+u1uVskcurb5Rh1UMmpEEFg0
kVGos6JDD18T6JpfgvEY9k+4iVAGApNirEYRDsKFVRho/3CaJQ6Tdp/jf3NEzmNE
DPgsEA0n825kBd0dr/v3yT5S9wYsn5x9n6OfyHShXVwYPK/V3jEXbU0uZo0Nt7HX
L0FIVTz5tMWIm1LoTsh+GeE0dsnsg/0+qf1jRRq66GQ+3eMGO/wepTbUmqGCXF0s
I+O756V/mDxrPePJRNcpCjtGZCEjtMNJ4fZPQhosxbNVPpvDV5rGlQ==
=93LZ
-----END PGP SIGNATURE-----