Debian package of OpenSSL generates weak keys
Since a faulty patch in 2006, the OpenSSL library shipped by the Debian Linux distribution has been generating weak cryptographic keys. Security expert Luciano Bello has now discovered a critical vulnerability in the OpenSSL package which makes the random number sequences, and therefore the keys generated from them, predictable. The problem only affects Debian and distributions derived from it, such as Ubuntu and Knoppix. Versions of the OpenSSL package for Debian in which this bug, plus two other less serious security problems, have been fixed are now available. Other distributions are likely to follow Debian’s lead shortly.
OpenSSL provides connection security for many important network services, such as the Apache web server, the SSH login service, the OpenVPN service and the Bind name server, and it underpins S/MIME e-mail encryption and the trustworthiness of digital signatures. The vulnerability could enable attackers to listen in on and manipulate SSL connections, obtain unauthorised access to SSH servers or poison DNS server caches. Encryption systems such as PGP and GnuPG, which are not based on SSL or TLS, are not affected.
According to a Debian security advisory, all OpenSSL packages since version 0.9.8c-1 released on 17th September 2006 generate vulnerable random numbers. The Debian maintainers advise users and administrators to generate new versions of all certificates and keys generated by vulnerable versions after installing the OpenSSL update. Weak X.509 certificates should, where necessary, be revoked. According to the advisory, text and signatures encrypted using such certificates should also be considered compromised.
The development team plans to publish shortly, on a web site set up specifically for this purpose, details of the steps required to roll over keys for various packages. A Perl script which can test SSH servers and SSH and OpenVPN key files for the vulnerability is also available to download. Bello has not yet revealed the cryptographic intricacies of the vulnerability, presumably for fear of early exploit release.
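As a first triage step for the regeneration advice above, the following added example (not the Perl script mentioned in the article and not Debian's code) lists key and certificate files last modified on or after the advisory's 17 September 2006 date. File modification time is only a heuristic, so hits are candidates for review rather than confirmed weak keys; the marker list, function names and sample files are assumptions of this example.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Advisory date quoted in the article: packages since 0.9.8c-1 (17 September 2006).
CUTOFF = datetime(2006, 9, 17, tzinfo=timezone.utc).timestamp()
MARKERS = {
    b"-----BEGIN RSA PRIVATE KEY-----": "RSA private key",
    b"-----BEGIN DSA PRIVATE KEY-----": "DSA private key",
    b"-----BEGIN CERTIFICATE-----": "X.509 certificate",
    b"ssh-rsa ": "SSH RSA public key",
    b"ssh-dss ": "SSH DSA public key",
}

def classify(path):
    """Return a label if the first 4 KiB contain a key marker, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return None  # unreadable file: skip rather than abort the sweep
    return next((label for m, label in MARKERS.items() if m in head), None)

def find_candidates(root, cutoff=CUTOFF):
    """Return sorted (path, label) for key files last modified on or after cutoff."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        label = classify(path)
        if label and path.stat().st_mtime >= cutoff:
            hits.append((str(path), label))
    return sorted(hits)

def demo():
    """Sweep a constructed directory tree; return the flagged (name, label) pairs."""
    ts = lambda y, m, d: datetime(y, m, d, tzinfo=timezone.utc).timestamp()
    samples = {  # constructed sample files: name -> (content, mtime)
        "host_2005.pub": (b"ssh-rsa CONSTRUCTED-SAMPLE old@host\n", ts(2005, 3, 1)),
        "host_2007.pub": (b"ssh-dss CONSTRUCTED-SAMPLE new@host\n", ts(2007, 6, 1)),
        "server.crt": (b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n", ts(2008, 1, 15)),
        "notes.txt": (b"not key material\n", ts(2008, 1, 15)),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mtime) in samples.items():
            Path(root, name).write_bytes(data)
            os.utime(Path(root, name), (mtime, mtime))
        return [(Path(p).name, label) for p, label in find_candidates(root)]

if __name__ == "__main__":
    print(demo())
```

Keys generated after the fixed package was installed will also be listed, since the sweep has no upper date bound; each hit still needs to be checked against where and with which OpenSSL version it was created.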
- (DSA 1571-1) New openssl packages fix predictable random number generator, security advisory from Debian