National Cyber Alert System
Technical Cyber Security Alert TA08-137A

Debian/Ubuntu OpenSSL Random Number Generator Vulnerability

Original release date: May 16, 2008
Last revised: --
Source: US-CERT

Systems Affected

  • Debian, Ubuntu, and Debian-based distributions

Overview

A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Any package that uses the affected version of OpenSSL could be vulnerable.


I. Description

A vulnerability exists in the random number generator used by the OpenSSL package included with Debian GNU/Linux, Ubuntu, and other Debian-based operating systems. This vulnerability causes the generated numbers to be predictable.

The result of this error is that certain encryption keys are much more common than they should be. This vulnerability affects cryptographic applications that use keys generated by the flawed versions of the OpenSSL package. Affected keys include, but may not be limited to, SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Any of these keys generated using the affected systems on or after 2006-09-17 may be vulnerable. Keys generated with GnuPG, GNUTLS, ccrypt, or other encryption utilities that do not use OpenSSL are not vulnerable because these applications use their own random number generators.

II. Impact

A remote, unauthenticated attacker may be able to guess secret key material. The attacker may also be able to gain authenticated access to the system through the affected service or perform man-in-the-middle attacks.


III. Solution

Upgrade

Debian and Ubuntu have released fixed versions of OpenSSL to address this issue. System administrators can use the ssh-vulnkey application to check for compromised or weak SSH keys. After applying updates, clients using weak keys may be refused by servers.
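As an added example (not code from US-CERT or from the ssh-vulnkey package), the following Python script applies the same idea ssh-vulnkey uses: it computes the OpenSSH MD5 fingerprint of each key in an authorized_keys file and reports any that appear in a blocklist of known-weak fingerprints. The key material and the blocklist are constructed for illustration; a real audit would use the distribution's published blacklist files, whose format is not shown here.

```python
# Added example (not US-CERT's or Debian's code): flag authorized_keys entries whose
# OpenSSH MD5 fingerprint is on a known-weak blocklist, as ssh-vulnkey does.
# Every key and the blocklist below are constructed for the example, not real weak keys.
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length prefix plus the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a positive integer: leading 0x00 if high bit set."""
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def rsa_public_blob(e: int, n: int) -> bytes:
    """Wire-format ssh-rsa public key, i.e. what OpenSSH base64-encodes."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Classic OpenSSH fingerprint: MD5 of the decoded blob, colon-separated."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text: str):
    """Yield (comment, blob) per key line, skipping blanks, comments and any
    leading option field such as command="..." or from="..."."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in ("ssh-rsa", "ssh-dss"):
                comment = " ".join(fields[i + 2:]) or "(no comment)"
                yield comment, base64.b64decode(fields[i + 1])
                break

def find_weak_keys(text: str, blocklist: set) -> list:
    """Return [(comment, fingerprint)] for every key found in the blocklist."""
    return [(comment, fp) for comment, blob in parse_authorized_keys(text)
            if (fp := md5_fingerprint(blob)) in blocklist]

# Constructed sample: two toy moduli (far too small for real keys); only WEAK_N is listed.
WEAK_N, GOOD_N = 0xC0FFEEDEADBEEF0BADF00DFEEDFACECAFEBABE, 0xA5A5A5A55A5A5A5A0123456789ABCDEFFEDCBA98
BLOCKLIST = {md5_fingerprint(rsa_public_blob(65537, WEAK_N))}
b64 = lambda blob: base64.b64encode(blob).decode()
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys for the example",
    f'command="/bin/false" ssh-rsa {b64(rsa_public_blob(65537, WEAK_N))} weak@example',
    f"ssh-rsa {b64(rsa_public_blob(65537, GOOD_N))} good@example",
])
```

Running find_weak_keys(SAMPLE_AUTHORIZED_KEYS, BLOCKLIST) reports only the weak@example entry; the option-prefixed line is handled because the parser searches for the key-type field rather than assuming it comes first.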

Workaround

Until updates can be applied, administrators and users are encouraged to restrict access to vulnerable servers. Debian- and Ubuntu-based systems can use iptables, iptables configuration tools, or tcp-wrappers to limit access.

IV. References



Feedback can be directed to US-CERT.


Produced 2008 by US-CERT, a government organization.

Revision History

May 16, 2008: Initial release

Last updated May 16, 2008