US-CERT Technical Cyber Security Alert TA08-137A -- Debian/Ubuntu OpenSSL Random Number Generator Vulnerability


	   National Cyber Alert System
   
   Technical Cyber Security Alert TA08-137A


Debian/Ubuntu OpenSSL Random Number Generator Vulnerability

   Original release date: May 16, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Debian, Ubuntu, and Debian-based distributions

Overview

   A vulnerability in the OpenSSL package included with the Debian
   GNU/Linux operating system and its derivatives may cause weak
   cryptographic keys to be generated. Any package that uses the affected
   version of OpenSSL could be vulnerable.

I. Description

   A vulnerability exists in the random number generator used by the
   OpenSSL package included with the Debian GNU/Linux, Ubuntu, and other
   Debian-based operating systems. This vulnerability causes the
   generated numbers to be predictable.

   The result of this error is that certain encryption keys are much more
   common than they should be. This vulnerability affects cryptographic
   applications that use keys generated by the flawed versions of the
   OpenSSL package. Affected keys include, but may not be limited to, SSH
   keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509
   certificates and session keys used in SSL/TLS connections. Any of
   these keys generated using the affected systems on or after 2006-09-17
   may be vulnerable. Keys generated with GnuPG, GNUTLS, ccrypt, or other
   encryption utilities that do not use OpenSSL are not vulnerable
   because these applications use their own random number generators.

II. Impact

   A remote, unauthenticated attacker may be able to guess secret key
   material. The attacker may also be able to gain authenticated access
   to the system through the affected service or perform
   man-in-the-middle attacks.

III. Solution

Upgrade

   Debian and Ubuntu have released fixed versions of OpenSSL to address
   this issue. System administrators can use the ssh-vulnkey application
   to check for compromised or weak SSH keys. After applying updates,
   clients using weak keys may be refused by servers.

Workaround

   Until updates can be applied, administrators and users are encouraged
   to restrict access to vulnerable servers. Debian- and Ubuntu-based
   systems can use iptables, iptables configuration tools, or
   tcp-wrappers to limit access.


IV. References

 * DSA-1571-1 openssl - predictable random number generator  -
   <http://www.debian.org/security/2008/dsa-1571>
     
 * Debian wiki - SSL keys - <http://wiki.debian.org/SSLkeys>
     
 * Ubuntu OpenSSL vulnerability -
   <http://www.ubuntu.com/usn/usn-612-1>
     
 * Ubuntu OpenSSH vulnerability -
   <http://www.ubuntu.com/usn/usn-612-2>
     
 * Ubuntu OpenVPN vulnerability -
   <http://www.ubuntu.com/usn/usn-612-3>

 * Ubuntu SSL-cert vulnerability

 * Ubuntu OpenSSH update - <http://www.ubuntu.com/usn/usn-612-5>
     
 * Ubuntu OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>
     
 * OpenVPN regression - <http://www.ubuntu.com/usn/usn-612-6>


 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-137A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@xxxxxxxx> with "TA08-137A Feedback VU#925211" in the
  subject.
 _________________________________________________________________


  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

  Revision History

  May 16, 2008: Initial release