Lucene search

K
certCERTVU:925211
HistoryMay 15, 2008 - 12:00 a.m.

Debian and Ubuntu OpenSSL packages contain a predictable random number generator

2008-05-1500:00:00
www.kb.cert.org
65

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.09 Low

EPSS

Percentile

94.4%

Overview

A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated.

Description

A weakness exists in the random number generator used by the OpenSSL package included with the Debian GNU/Linux operating system and derivative systems that causes the generated numbers to be predictable. As a result of this weakness, certain encryption keys are much more common than they should be. This vulnerability affects cryptographic applications that use keys generated by the flawed versions of the OpenSSL package. Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Any of these keys generated using the affected systems on or after 2006-09-17 may be vulnerable. Keys generated with GnuPG or GNUTLS on the affected systems are not vulnerable because these applications use their own random number generators and not the one from the flawed version of OpenSSL.

Note that this vulnerability is specific to Debian, Ubuntu Linux and other Debian-derived operating systems. Other systems can be indirectly affected if weak keys generated by the vulnerable systems are imported into them.


Impact

A remote, unauthenticated attacker with minimal knowledge of the vulnerable system and the ability to conduct a brute force attack against an affected application may be able to guess secret key material. Secondary impacts include authenticated access to the system through the affected service or the ability to perform man-in-the-middle attacks.


Solution

Apply a patch from the vendor and regenerate key material

Patches have been release by the affected vendors. Users are encouraged to review the Systems Affected section of this document and apply the updates it refers to.

Due to the nature of the flaw, any key material generated by the vulnerable versions of the OpenSSL package should be considered fatally defective. Additionally, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised since the Digital Signature Algorithm relies on a secret random value used during signature generation. After the software updates are applied, this key material must be regenerated with the updated version of the software. Vendor-specific instructions for doing this can also be found in the Systems Affected section of this document.


Vendor Information

925211

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux __ Affected

Updated: May 15, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Debian project has published Debian Security Advisories DSA-1571 and DSA-1576 in response to this issue. Users are encouraged to review the advisories, apply the patches they refer to, then follow the instructions for regenerating key material for applications.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23925211 Feedback>).

Ubuntu __ Affected

Updated: May 15, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The Ubuntu Project has published the following security advisories in response to this issue:

* [USN-612-1](&lt;http://www.ubuntu.com/usn/usn-612-1&gt;)
* [USN-612-2](&lt;http://www.ubuntu.com/usn/usn-612-2&gt;)
* [USN-612-3](&lt;http://www.ubuntu.com/usn/usn-612-3&gt;)
* [USN-612-4](&lt;http://www.ubuntu.com/usn/usn-612-4&gt;)
* [USN-612-5](&lt;http://www.ubuntu.com/usn/usn-612-5&gt;)
* [USN-612-6](&lt;http://www.ubuntu.com/usn/usn-612-6&gt;)

Users are encouraged to review the advisories, apply the patches they refer to, then follow any instructions they provide for regenerating key material for applications.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23925211 Feedback>).

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Florian Weimer of the Debian security team for reporting this vulnerability. Debian, in turn, credits Luciano Bello with discovering this issue.

This document was written by Chad R Dougherty.

Other Information

CVE IDs: CVE-2008-0166
Severity Metric: 7.20 Date Public:

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.09 Low

EPSS

Percentile

94.4%