I. Abstract
It has been found by Luciano Bello that the Debian OpenSSL package has a severe security bug since 2006. By removing some lines of code from the md_rand.c
source code that originally caused the memory check tool Valgrind to alert (see original Debian discussion here) the box of pandorra has been opened and the flaw been introduced.
By removing that specific part of the OpenSSL code, effectively the random seed function has been crippled, and eventually the only random value remaining was the current process ID. Since on linux only a maximum no of 32,768 process IDs exist, the worth of this pseudo random number generator (PRNG) is heavily limited.
Update: a set of instructions has been added under IV. How to fix/repair your server (click here).This shows the steps to a secure server with new SSH server side keys.
Update II: a new fix has been released as of May, 16th (4.3p2-9etch2). You should therefore apply step IV. again to upgrade your SSH package to the recent version.
II. Impact
As a summary based on infos from metasploit.com.
- Debian based distributions are affected aswell (i.e. Ubuntu, Kubuntu, Xubuntu, Edubuntu, Gobuntu etc. pp)
- SSL and SSH keys generated between 09/2006 and 05/2008 are vulerable to brute force attacks
- SSL certificates need recreation and signed again by Certificate Authority
- Certificate Authority keys need to be regenerated and revoked.
- SSH public key authentication on other distributions than Debian may be affected aswell when keys have been generated on Debian systems
- SSH servers using host keys generated on Debian are vulnerably to man-in-the-middle attacks
III. Testing for weakness and vulerability
Debian released a program for testing the vulnerability of keys. Download it here (see OpenPGP signature). You may do the following. Log into your server as root and do:
server$ wget -c http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
server$ gunzip dowk.pl.gz
server$ chmod 700 dowk.pl
server$ ./dowkd.pl host 127.0.0.1
(checks your local SSH host keys)
server$ ./dowkd.pl user
(checks all users available on your system)
Vulnerabilities will be reported. Nonetheless we recommend to apply step IV. How to fix/repair your server (click here).
Before reading on: if this article helps you, please click our non-offensive sponsor (Google-Adsense) and help us maintaining this project free. Thanks…
IV. How to fix/repair your server
Log into your server as root and perform the following steps:
server$ apt-get update
server$ apt-get upgrade
server$ apt-get dist-upgrade
The OpenSSH and OpenSSL packages will be updated then. You will be asked a couple of questions concerning your server configuration. It should be fairly self explaining.
The server side SSH keys (known_host keys on your local machine) will be regenerated. If you still don’t trust your server, you can check your new host keys for vulnerability by entering this:
server$ ssh-vulnkey
(the response should be Not blacklisted
)
server$ ./dowkd.pl user
(if this reports weak keys read on)
Login as user whose keys have been recognized as weak and do the following:
server$ ssh-keygen -t dsa -b 1024
(provide passphrase!)
You should be done now.
V. Tools
H.D. Moore of metasploit.com already prepared Debian toys
and rainbow tables (pre-generated keys) for all possible 32,768 PIDs with up to 4096 bits in keysize that may be used for testing the brute force vulnerability of your systems.
VI. Links:
» debian.org: Security Advisory DSA-1571-1 openssl…
» debian.org: Security Advisory DSA-1576-1 openssh…
» debian.org: Vulnerability test tool… (OpenPGP signature)…
» metasploit.com: OpenSSL Rainbow Tables …