[clug] Debian + SSL security issue

Peter Barker pbarker at barker.dropbear.id.au
Wed May 14 04:27:10 GMT 2008

On Wed, 14 May 2008, Andrew wrote:

> For those who saw the announcement - 
> http://lists.debian.org/debian-security-announce/2008/msg00152.html
> Does anyone have any further indication of how severe this is?  It would mean 
> lots of re-keying for me (nearly 100 boxen all up) :(  The updates don't 
> bother me, as I do them anyhow...

It looks very, very bad.

Apparently (and you're getting this about 4th-hand now ;), the end result 
of Debian's futzing is that only about 260,000 unique private keys would 
ever be generated.

So an attacker could generate all of those and try them one-by-one against 
your server.  Or, if I were him, take one of the keys and try it against 
each of 260,000 boxes that has been previously scanned and is known to be 
running ssh...

I haven't fully digested the information available.  Particularly the 
implications of the session information also using the same 
not-very-well-seeded prng.

Apparently there's also an interesting gotcha suffered by (at least) 
Ubuntu.  Apparently the upgrade to the package will cause compromised keys 
to no longer be available for use for user authentication.  If you upgrade 
the package and log out of a machine which you ONLY have access to through 
a "bad" key, then you will be locked out of that machine....

I suggest the first step is to run their analysis tool *everywhere*.

> Andrew Donehue

Peter Barker                          |   Programmer,Sysadmin,Geek.
pbarker at barker.dropbear.id.au	      |   You need a bigger hammer.
:: It's a hack! Expect underscores! - Nigel Williams
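The point the post makes, that the reachable key space is small enough to enumerate, is also what made the defender-side response practical: precompute the fingerprint of every reachable key once, then match the keys found on a host (authorized_keys, host keys) against that set. The Python below is an added illustration of that mechanism; it is not code from this thread, from Debian's advisory tooling or from OpenSSH. The "weak" moduli are deterministic toy stand-ins derived from a seed counter (not real weak keys, and not products of two primes), the sample authorized_keys lines are constructed, and the set of key-type tokens is an assumption.

```python
"""Toy model of fingerprint-blacklisting an enumerable (weak) SSH key space.

Added example; not code from the post, Debian or OpenSSH. The "weak" keys are
constructed toy ssh-rsa public keys derived from a small seed space. Only the
mechanism is real: precompute the fingerprint of every reachable key, then
match keys found on a host against that precomputed set.
"""
import base64
import hashlib
import struct

# Assumed set of key-type tokens recognised on an authorized_keys line.
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a non-negative integer (two's complement, so a
    leading 0x00 byte is added when the top bit of the first byte is set)."""
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return ssh_string(raw)


def rsa_public_blob(e: int, n: int) -> bytes:
    """The blob OpenSSH base64-encodes for an ssh-rsa public key: type, e, n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def fingerprint_md5(blob: bytes) -> str:
    """MD5 hex fingerprint over the whole key blob (the 2008-era ssh-keygen -l form)."""
    return hashlib.md5(blob).hexdigest()


def toy_weak_modulus(seed: int) -> int:
    """Constructed stand-in for 'the modulus a broken generator produces for this
    seed'. Being a deterministic function of a small seed is the property that
    makes the real key space enumerable; the number itself is NOT a real RSA modulus."""
    digest = hashlib.sha256(b"toy-weak-seed:%d" % seed).digest()
    return int.from_bytes(digest, "big") | (1 << 255) | 1


def build_blacklist(n_seeds: int, e: int = 65537) -> set:
    """Precompute the fingerprint of every key the toy generator can reach."""
    return {fingerprint_md5(rsa_public_blob(e, toy_weak_modulus(s)))
            for s in range(n_seeds)}


def parse_pubkey_line(line: str):
    """Parse one authorized_keys-style line into (type, blob, comment).
    Returns None for comments, blanks, bad base64 or a blob that does not start
    with its own type string. Leading options are skipped token by token, so an
    option value containing whitespace would need a quote-aware splitter."""
    tokens = line.strip().split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:          # binascii.Error is a ValueError subclass
                return None
            if not blob.startswith(ssh_string(tok.encode())):
                return None
            return tok, blob, " ".join(tokens[i + 2:])
    return None


def check_keys(text: str, blacklist: set) -> list:
    """Report (comment, md5 fingerprint, 'COMPROMISED' or 'ok') per key line."""
    results = []
    for line in text.splitlines():
        parsed = parse_pubkey_line(line)
        if parsed is None:
            continue
        _, blob, comment = parsed
        fp = fingerprint_md5(blob)
        results.append((comment, fp, "COMPROMISED" if fp in blacklist else "ok"))
    return results


def pubkey_line(blob: bytes, comment: str) -> str:
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


# Toy key space of 1024 seeds; the real one was on the order of 260,000 keys.
BLACKLIST = build_blacklist(1024)

# Constructed authorized_keys: one key from the toy weak space, one outside it.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not a real authorized_keys file",
    pubkey_line(rsa_public_blob(65537, toy_weak_modulus(42)), "alice@laptop"),
    'from="10.0.0.0/8" ' + pubkey_line(rsa_public_blob(65537, (1 << 1023) | 12345), "backup@nas"),
])

if __name__ == "__main__":
    for comment, fp, status in check_keys(SAMPLE_AUTHORIZED_KEYS, BLACKLIST):
        print(f"{status:12} {fp} {comment}")
```

Run stand-alone it prints one line per key: the first (seed 42 of the toy generator) is flagged, the second is not. The checkers Debian and Ubuntu later shipped (ssh-vulnkey with the openssh-blacklist package) took the same precomputed-fingerprint approach against the real key space, which is why they could be run on every host quickly, as the post recommends.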
