topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 10:27 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: OpenSSL Vulnerability?  (Read 8244 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
OpenSSL Vulnerability?
« on: May 16, 2008, 11:47 AM »
This sounds awful..  Anyone with a better background in security want to jump in and tell us how big a deal this is in practice?

Almost two years ago in 2006 Debian decided to clean up their OpenSSL implementation. They found a few lines of code that were causing Valgrind and Purify to complain about access to uninitialized memory. Without a major investigation into the purpose of the suspect lines of code they were simply removed.
...
For the purposes of all the OpenSSL algorithms there was no deficiency. Encryption and decryption and hashes would be calculated correctly. The problem was that the PRNG used for generating keys by the OpenSSL library had been crippled when those critical lines were removed back in 2006. This was not discovered until just this week when Luciano Bello discovered that without those lines the only ‘random’ data used to seed the PRNG was the PID of the OpenSSL process. On many Linux systems the PID is limited to a positive signed 16 bit value. This means there are only 32,767 possibilities. When new keys and certificates were generated by OpenSSL they relied on this number to provide all of their entropy.


ps. I should say that I have come to loathe McAfee in terms of their shoddy and sloppy false positive behavior, but this security blog they have is consistently good.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #1 on: May 16, 2008, 05:59 PM »
This is the DEBIAN AND RELATED DISTROS (like the *ubuntu family) related bug, right, not a general OpenSSL vulnerability?

If so, the idea is that if your PRNG isn't seeded with random-enough data (the worst example being seeding it with a time(0) call, effectively using the current data as a seed), hackers/crackers can substantially reduce the time it takes to brute-force the protection. This has happened with at least one software protection scheme as well, there was a fully-working keygen out for asprotect some years ago, for example.
- carpe noctem

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,187
    • View Profile
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #2 on: May 17, 2008, 03:25 AM »
This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

Please note that:

It is important for administrators to note that even if they replace and upgrade the OpenSSL package they must recreate and replace any keys or certificates generated by the broken OpenSSL kit.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #3 on: May 17, 2008, 08:52 AM »
You can try this tool http://security.debi...ra/dowkd/dowkd.pl.gz to check for weak keys. Updated packages for Debian and Ubuntu also include programs (ssh-vulnkey, openssl-vulnkey) to check for weak keys.

I have found one trusted key on one of the workstations. Luckily it was only from a laptop that no longer exists.

Eóin

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,401
    • View Profile
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #4 on: May 17, 2008, 11:01 AM »
While an somewhat innocent mistake I find it very worrying that the Debian developers would make code changes in such a critical library :(

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #5 on: May 17, 2008, 11:05 AM »
While an somewhat innocent mistake I find it very worrying that the Debian developers would make code changes in such a critical library :(
Very much so, especially because they simply removed those "oh, they're making trouble" lines instead of trying to fix the problem. And considering how nazi Debian are about STABLE, this is extra troublesome.
- carpe noctem

Gothi[c]

  • DC Server Admin
  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 873
    • View Profile
    • linkerror
    • Donate to Member
Re: OpenSSL Vulnerability?
« Reply #6 on: May 17, 2008, 03:59 PM »
And here is an exploit for it.
Run it on your system and see what you get.
I don't have any debian based systems to test it on though.