Vulnerability in the OpenSSL random number generator
Debian Security Advisory DSA-1571
[CAIS, 13.05.2008]
CAIS is forwarding the Debian alert titled "DSA-1571-1 openssl - predictable random number generator", which deals with a vulnerability in the random number generator of the OpenSSL library shipped on Debian and derived systems.
The OpenSSL library is used by many tools to provide connection encryption and the generation of certificates and cryptographic keys.
Due to a modification introduced by Debian into the original OpenSSL package, there is a vulnerability in random number generation that causes these applications to always generate only a small, limited set of cryptographic keys. As a result, an attacker in possession of a list of these keys can carry out brute-force attacks against the applications and gain access to the encrypted content.
It is important to note that this vulnerability exists only in the package distributed with Debian and its derivatives, such as Ubuntu. Affected packages include OpenSSH and OpenVPN, as well as X.509 certificates generated with the OpenSSL tools, among others.
This update also fixes two other vulnerabilities found in the OpenSSL package, one of which allows an attacker to remotely execute malicious code on vulnerable systems.
http://www.rnp.br/cais/alertas/2008/debian-dsa-1571.html
Debian and Ubuntu users: fix your keys/certificates NOW
A couple of days ago Swa posted a diary about a critical Debian/Ubuntu PRNG security vulnerability.
Today Matt wrote in to let us know that H D Moore posted a web page containing all SSH 1024, 2048 and 4096-bit RSA keys he brute forced.
It is obvious that this is highly critical – if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time), and those keys were generated between September 2006 and May 13th 2008 then you are vulnerable. In other words, those secure systems can be very easily brute forced. What's even worse, H D Moore said that he will soon release a brute force tool that will allow an attacker easy access to any SSH account that uses public key authentication.
But this is not all – keep in mind that ANY cryptographic material created on vulnerable systems can be compromised. If you generated SSL keys on such Debian or Ubuntu systems, you will have to recreate the certificates and get them signed again. An attacker can even decrypt old SSH sessions now.
The Debian project guys released a tool that can detect weak keys (it is not 100% correct though as the blacklist in the tool can be incomplete). You can download the tool from http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.
The bottom line is: this is very, very, very serious and scary. Please check your systems and make sure that you are both patched, and that you regenerated any potentially weak cryptographic material.
http://isc.sans.org/diary.html?storyid=4421
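The diary above points at dowkd.pl for finding weak keys. As an added example (not code from the SANS diary, the Debian project, or dowkd.pl), the following Python script shows the shape of such a check from the defender's side: it parses OpenSSH public key lines (authorized_keys or id_*.pub, with or without leading options), reports the key type and bit size named in the diary (1024/2048/4096-bit RSA), computes the colon-separated MD5 fingerprint that ssh-keygen printed in 2008, and flags any key whose fingerprint appears in a blacklist. The blacklist format (one MD5 fingerprint per line) and all sample keys are constructed here for illustration; the sample keys are built from toy RSA parameters and are not real keys, and a real audit should use the Debian tool and its own database rather than this format.

```python
import base64
import binascii
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length prefix)."""
    return struct.pack(">I", len(data)) + data


def _mpint(value: int) -> bytes:
    """Encode a positive int as an SSH mpint (big-endian, leading 0x00 if high bit set)."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")


def build_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Build an OpenSSH 'ssh-rsa' line; used only to construct sample input here."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(_mpint(e)) + _ssh_string(_mpint(n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def _read_string(blob: bytes, offset: int):
    """Read one length-prefixed SSH string; raises struct.error on truncated data."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def parse_pubkey_line(line: str):
    """Return (key_type, bits, blob) for an authorized_keys / id_*.pub line.

    Leading options such as from="..." are skipped by scanning for the first
    field that names a key type this example understands (ssh-rsa, ssh-dss)."""
    fields = line.strip().split()
    for i, field in enumerate(fields):
        if field in ("ssh-rsa", "ssh-dss") and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1])
            key_type, off = _read_string(blob, 0)
            if key_type.decode() != field:
                raise ValueError("key type inside blob does not match the line")
            first_mpint, off = _read_string(blob, off)
            if field == "ssh-rsa":
                # ssh-rsa blob layout: string "ssh-rsa", mpint e, mpint n
                modulus, _ = _read_string(blob, off)
                bits = int.from_bytes(modulus, "big").bit_length()
            else:
                # ssh-dss blob layout: string "ssh-dss", mpint p, q, g, y; size is |p|
                bits = int.from_bytes(first_mpint, "big").bit_length()
            return field, bits, blob
    raise ValueError("no ssh-rsa/ssh-dss key found on line")


def md5_fingerprint(blob: bytes) -> str:
    """MD5 fingerprint in the colon-separated hex form ssh-keygen used in 2008."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def load_blacklist(text: str) -> set:
    """Parse a constructed blacklist format: one MD5 fingerprint per line, '#' comments."""
    entries = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if entry:
            entries.add(entry)
    return entries


def audit_authorized_keys(text: str, blacklist: set) -> list:
    """Return (line_number, key_type, bits, fingerprint, status) for each key line."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            key_type, bits, blob = parse_pubkey_line(line)
        except (ValueError, struct.error, binascii.Error):
            results.append((lineno, None, None, None, "unparseable"))
            continue
        fp = md5_fingerprint(blob)
        status = "WEAK" if fp in blacklist else "ok"
        results.append((lineno, key_type, bits, fp, status))
    return results


# Constructed sample data: toy RSA moduli, not real keys of any system.
SAMPLE_WEAK = build_rsa_pubkey_line(65537, (1 << 2047) | 0x1B2D3, "alice@debian-box")
SAMPLE_OK = build_rsa_pubkey_line(65537, (1 << 2047) | 0xF00D1, "bob@laptop")
# Constructed blacklist that lists alice's fingerprint as if it were a known weak key.
SAMPLE_BLACKLIST = load_blacklist(
    "# constructed weak-key list\n" + md5_fingerprint(parse_pubkey_line(SAMPLE_WEAK)[2]) + "\n"
)
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# authorized_keys (constructed)",
    SAMPLE_WEAK,
    SAMPLE_OK,
    'from="10.0.0.0/8" ' + SAMPLE_OK,  # same key with a leading option
])

if __name__ == "__main__":
    for lineno, key_type, bits, fp, status in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, SAMPLE_BLACKLIST):
        print(f"line {lineno}: {key_type} {bits} {fp} {status}")
```

Any line reported as WEAK (or unparseable, which deserves a manual look) should be treated the way the diary says: remove the key from every authorized_keys file it appears in and regenerate it on a patched system. Matching on the fingerprint of the whole key blob, rather than on the comment or file name, is what makes the check robust to keys that were copied between hosts.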
INFOCon yellow: update your Debian generated keys/certs ASAP
Published: 2008-05-15,
Last Updated: 2008-05-15 15:30:39 UTC
by Bojan Zdrnja (Version: 2)
As you can see, we raised the INFOCon level to yellow. The main idea behind INFOCon is to protect the Internet infrastructure at large, and the development of automated scripts exploiting key-based SSH authentication looks like a real threat to SSH servers around the world (any SSH server using public keys that were generated on a vulnerable Debian machine, meaning the keys had to be generated on a Debian machine between September 2006 and 13th of May 2008).
Note: 'Debian' in the above paragraph refers to any Debian-based Linux distribution including Ubuntu.
Scripts that allow brute forcing of vulnerable keys (see this as rainbow tables for SSH keys) are in the wild so we would like to remind all of you to regenerate SSH keys ASAP.
Please keep in mind that SSL certificates should be regenerated as well. This can be even more problematic if you had your certificates signed since you'll have to go through this process again (and possibly pay money again).
More information is available in our previous diaries:
http://isc.sans.org/diary.html?storyid=4420
http://isc.sans.org/diary.html?storyid=4414