Author Topic: OpenSSL Vulnerability? (Read 8768 times)

mouser · « **on:** May 16, 2008, 11:47 AM »

This sounds awful.. Anyone with a better background in security want to jump in and tell us how big a deal this is in practice?

Almost two years ago in 2006 Debian decided to clean up their OpenSSL implementation. They found a few lines of code that were causing Valgrind and Purify to complain about access to uninitialized memory. Without a major investigation into the purpose of the suspect lines of code they were simply removed.
...
For the purposes of all the OpenSSL algorithms there was no deficiency. Encryption and decryption and hashes would be calculated correctly. The problem was that the PRNG used for generating keys by the OpenSSL library had been crippled when those critical lines were removed back in 2006. This was not discovered until just this week when Luciano Bello discovered that without those lines the only ‘random’ data used to seed the PRNG was the PID of the OpenSSL process. On many Linux systems the PID is limited to a positive signed 16 bit value. This means there are only 32,767 possibilities. When new keys and certificates were generated by OpenSSL they relied on this number to provide all of their entropy.

http://www.avertlabs...-cleanup-gone-wrong/

Screenshot - 5_16_2008 , 11_45_43 AM_thumb.png

ps. I should say that I have come to loathe McAfee in terms of their shoddy and sloppy false positive behavior, but this security blog they have is consistently good.

f0dder · « **Reply #1 on:** May 16, 2008, 05:59 PM »

This is the DEBIAN AND RELATED DISTROS (like the *ubuntu family) related bug, right, not a general OpenSSL vulnerability?

If so, the idea is that if your PRNG isn't seeded with random-enough data (the worst example being seeding it with a time(0) call, effectively using the current data as a seed), hackers/crackers can substantially reduce the time it takes to brute-force the protection. This has happened with at least one software protection scheme as well, there was a fully-working keygen out for asprotect some years ago, for example.

Jibz · « **Reply #2 on:** May 17, 2008, 03:25 AM »

This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
-Debian Security Advisory

Please note that:

It is important for administrators to note that even if they replace and upgrade the OpenSSL package they must recreate and replace any keys or certificates generated by the broken OpenSSL kit.

housetier · « **Reply #3 on:** May 17, 2008, 08:52 AM »

You can try this tool http://security.debi...ra/dowkd/dowkd.pl.gz to check for weak keys. Updated packages for Debian and Ubuntu also include programs (ssh-vulnkey, openssl-vulnkey) to check for weak keys.

I have found one trusted key on one of the workstations. Luckily it was only from a laptop that no longer exists.

Eóin · « **Reply #4 on:** May 17, 2008, 11:01 AM »

While an somewhat innocent mistake I find it very worrying that the Debian developers would make code changes in such a critical library

f0dder · « **Reply #5 on:** May 17, 2008, 11:05 AM »

While an somewhat innocent mistake I find it very worrying that the Debian developers would make code changes in such a critical library
-Eóin (May 17, 2008, 11:01 AM)

Very much so, especially because they simply removed those "oh, they're making trouble" lines instead of trying to fix the problem. And considering how nazi Debian are about STABLE, this is extra troublesome.

Gothi[c] · « **Reply #6 on:** May 17, 2008, 03:59 PM »

And here is an exploit for it.
Run it on your system and see what you get.
I don't have any debian based systems to test it on though.

Author Topic: OpenSSL Vulnerability? (Read 8768 times)

mouser

OpenSSL Vulnerability?

f0dder

Re: OpenSSL Vulnerability?

Jibz

Re: OpenSSL Vulnerability?

housetier

Re: OpenSSL Vulnerability?

Eóin

Re: OpenSSL Vulnerability?

f0dder

Re: OpenSSL Vulnerability?

Gothi[c]

Re: OpenSSL Vulnerability?