
OpenSSL packages contain a predictable random number generator (Updated)

                                                   JPCERT-AT-2008-0008
                                                             JPCERT/CC
                                            2008-05-16 (First edition)
                                                  2008-05-19 (Updated)

                  <<< JPCERT/CC Alert 2008-05-16 >>>

    OpenSSL packages contain a predictable random number generator

             http://www.jpcert.or.jp/at/2008/at080008.txt

I. Overview

  OpenSSL packages included in distributions such as Debian GNU/Linux
and Ubuntu contain a vulnerability that causes them to generate
predictable random numbers. As a result, a remote attacker may decrypt
encrypted communication or bypass certificate-based public key
authentication.

  When a key pair for OpenSSH public key authentication is created
using the vulnerable OpenSSL library, an attacker may be able to gain
unauthorized access by brute-forcing the key.

  As of May 16, 2008, multiple exploit code samples have been made
public. JPCERT/CC's scan data acquisition system has not yet observed
any scans that appear to exploit this vulnerability, but continued
vigilance is required.

  Other packages that link against the OpenSSL libraries, such as
OpenVPN and Openswan, are also indirectly affected.


II. Products Affected

  Affected products and versions are as follows:

    - Debian GNU/Linux 4.0 (etch) and its derived versions
      - Ubuntu 7.04 (Feisty)
      - Ubuntu 7.10 (Gutsy)
      - Ubuntu 8.04 LTS (Hardy)

  Debian GNU/Linux up to 3.1 (Sarge) is not affected by this
vulnerability. Debian-based distributions other than the above may
also be affected.

*** Update: Revised on May 19, 2008 **********************************

  Execute the following command to check the version of OpenSSL.

  # dpkg -s openssl

  In Debian GNU/Linux 4.0 (etch), this vulnerability is fixed in
version 0.9.8c-4etch3 and later.

**********************************************************************

  For more information, refer to the distributors' websites.


III. Solution

  Administrators running an affected distribution should update the
OpenSSL package to the latest version. Then regenerate SSH keys and
SSL certificates, since updating the package does not repair keys
that were already generated with the vulnerable library.

  Vulnerable keys and certificates generated earlier may already be
registered on servers. Server administrators are strongly advised to
verify that the keys registered by users are not vulnerable, even when
the server's OS is not Debian-based. The Debian Project has released
tools, including dowkd.pl and ssh-vulnkey, to find vulnerable keys.
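  As an added illustration of the server-side check described above
(example code written for this page, not part of the JPCERT alert or of
the Debian tools it names), the Python below parses each line of an
authorized_keys file, computes the key's MD5 fingerprint, and flags any
fingerprint found in a blocklist of known-weak keys. The keys and the
blocklist are constructed here; a real check would use the weak-key
fingerprint data the distributors publish.

```python
import base64
import hashlib
import shlex
import struct

def ssh_string(b: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format."""
    return struct.pack(">I", len(b)) + b

def make_rsa_blob(e: int, n: int) -> bytes:
    """Build an ssh-rsa public key blob from constructed (throwaway) integers."""
    def mpint(x: int) -> bytes:
        # (bit_length + 8) // 8 bytes adds a leading 0x00 when the top bit is set
        return ssh_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """OpenSSH-style MD5 fingerprint: 16 colon-separated hex byte pairs."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text: str):
    """Yield (keytype, blob, comment) per key line; skip blanks, comments and
    any leading option list such as command="..." or no-pty."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps quoted option values together
        for i, field in enumerate(fields):
            if field.startswith("ssh-") or field.startswith("ecdsa-"):
                yield field, base64.b64decode(fields[i + 1]), " ".join(fields[i + 2:])
                break

def find_weak_keys(text: str, blocklist: set) -> list:
    """Return the comments of registered keys whose fingerprint is blocklisted."""
    return [comment for _, blob, comment in parse_authorized_keys(text)
            if md5_fingerprint(blob) in blocklist]

# Constructed sample data: small throwaway numbers, not real RSA moduli.
WEAK_BLOB = make_rsa_blob(65537, 0xC0FFEE00DDEC0DE12345678)
GOOD_BLOB = make_rsa_blob(65537, 0xDEADBEEFCAFEF00D4242)
SAMPLE_AUTHORIZED_KEYS = (
    "# constructed ~/.ssh/authorized_keys\n"
    f'command="/usr/bin/backup",no-pty ssh-rsa {base64.b64encode(WEAK_BLOB).decode()} alice@etch\n'
    f"ssh-rsa {base64.b64encode(GOOD_BLOB).decode()} bob@laptop\n"
)
# Constructed blocklist standing in for the published weak-key fingerprint data.
SAMPLE_BLOCKLIST = {md5_fingerprint(WEAK_BLOB)}
```

Calling find_weak_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_BLOCKLIST) reports only the key registered for alice@etch; the same loop can be run over every user's authorized_keys file on a server.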

For details, refer to the following information:

    DSA-1571-1 openssl -- Predictable random number generation
    http://www.debian.org/security/2008/dsa-1571

    DSA-1576-1 openssh -- Predictable random number generator
    http://www.debian.org/security/2008/dsa-1576


IV. References

*** Update: Added on May 16, 2008 ************************************

    JVNVU#925211
    Debian and Ubuntu OpenSSL packages contain a predictable random
      number generator
    http://jvn.jp/cert/JVNVU925211/index.html

**********************************************************************

*** Update: Added on May 19, 2008 ************************************

    OpenSSL package vulnerability and its effects (SSH keys and SSL
      certificates)
    http://www.debian.or.jp/blog/openssl_package_and_its_vulnerability.html

    Ubuntu Security Notice USN-612-1
    openssl vulnerability
    http://www.ubuntu.com/usn/usn-612-1

**********************************************************************

    US-CERT Vulnerability Notes VU#925211
    http://www.kb.cert.org/vuls/id/925211

    Debian and Ubuntu OpenSSL and OpenSSH Vulnerabilities
    http://www.us-cert.gov/current/index.html#debian_openssl_vulnerability

    Check tool for SSH keys (debian.org)
    http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
    http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc

    Key Rollover
    http://www.debian.org/security/key-rollover/


If you have any information you could provide regarding this alert,
please contact us.

__________

Revision history
2008-05-16 First edition
2008-05-16 Added URLs as references
2008-05-19 Revised the description of the version check method, added
           a link to the signature file of the check tool, and changed
           the distributor of the tool from debian.org to Debian
           Project



======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/