OpenSSL Vulnerability?

mouser:
This sounds awful. Anyone with a better background in security want to jump in and tell us how big a deal this is in practice?

Almost two years ago in 2006 Debian decided to clean up their OpenSSL implementation. They found a few lines of code that were causing Valgrind and Purify to complain about access to uninitialized memory. Without a major investigation into the purpose of the suspect lines of code they were simply removed.
...
For the purposes of all the OpenSSL algorithms there was no deficiency. Encryption and decryption and hashes would be calculated correctly. The problem was that the PRNG used for generating keys by the OpenSSL library had been crippled when those critical lines were removed back in 2006. This was not discovered until just this week when Luciano Bello discovered that without those lines the only ‘random’ data used to seed the PRNG was the PID of the OpenSSL process. On many Linux systems the PID is limited to a positive signed 16 bit value. This means there are only 32,767 possibilities. When new keys and certificates were generated by OpenSSL they relied on this number to provide all of their entropy.

--- End quote ---


http://www.avertlabs.com/research/blog/index.php/2008/05/16/code-cleanup-gone-wrong/





ps. I should say that I have come to loathe McAfee in terms of their shoddy and sloppy false positive behavior, but this security blog they have is consistently good.

f0dder:
This is the DEBIAN AND RELATED DISTROS (like the *ubuntu family) related bug, right, not a general OpenSSL vulnerability?

If so, the idea is that if your PRNG isn't seeded with random-enough data (the worst example being seeding it with a time(0) call, effectively using the current data as a seed), hackers/crackers can substantially reduce the time it takes to brute-force the protection. This has happened with at least one software protection scheme as well, there was a fully-working keygen out for asprotect some years ago, for example.

Jibz:
This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. - Debian Security Advisory
--- End quote ---

Please note that:

It is important for administrators to note that even if they replace and upgrade the OpenSSL package they must recreate and replace any keys or certificates generated by the broken OpenSSL kit.
--- End quote ---

housetier:
You can try this tool http://security.debian.org/project/extra/dowkd/dowkd.pl.gz to check for weak keys. Updated packages for Debian and Ubuntu also include programs (ssh-vulnkey, openssl-vulnkey) to check for weak keys.

I have found one trusted key on one of the workstations. Luckily it was only from a laptop that no longer exists.
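
Why a seed space of 32,767 PIDs makes every affected key checkable, and why keys generated earlier stay weak after the package is upgraded, shown as an added example that is not part of any post in this thread and is not the code of dowkd, ssh-vulnkey or openssl-vulnkey. `toy_keygen`, the fingerprint format and the inventory names are assumptions made for illustration; the toy generator stands in for a key generator whose only entropy is the PID.

```python
import hashlib
import os

MAX_PID = 32767  # "positive signed 16 bit value" from the quoted article


def toy_keygen(seed: bytes) -> bytes:
    """Constructed stand-in for key generation: output depends only on the seed."""
    return hashlib.sha256(b"toy-keygen|" + seed).digest()


def fingerprint(key: bytes) -> str:
    """Short identifier for a key, used for lookups instead of the key itself."""
    return hashlib.sha256(key).hexdigest()[:20]


def build_blacklist() -> set[str]:
    """Fingerprint every key the PID-only generator is able to produce."""
    return {
        fingerprint(toy_keygen(pid.to_bytes(2, "big")))
        for pid in range(1, MAX_PID + 1)
    }


def audit(inventory: dict[str, bytes], blacklist: set[str]) -> list[str]:
    """Return the names of inventory keys that must be regenerated."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in blacklist)


BLACKLIST = build_blacklist()

# Constructed inventory: one key made with the crippled seeding (PID 4242),
# one seeded from the operating system's CSPRNG.
INVENTORY = {
    "old-laptop": toy_keygen((4242).to_bytes(2, "big")),
    "new-server": toy_keygen(os.urandom(32)),
}

if __name__ == "__main__":
    print(len(BLACKLIST), "possible weak keys")
    print("regenerate:", audit(INVENTORY, BLACKLIST))
```

The audit runs against keys already deployed, which is the point of the advisory quoted above: fixing the generator does nothing for keys it produced before the fix.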

Eóin:
While a somewhat innocent mistake, I find it very worrying that the Debian developers would make code changes in such a critical library :(
