Debian disaster-level vulnerability warning

ID MYHACK58:62200819082
Type myhack58
Reporter Anonymous
Modified 2008-05-18T00:00:00


by axis 2008-05-16

The OpenSSL package shipped by Debian has a flaw in its random number generation: the only value that actually varies is the process ID (PID), so the keys it generates can be enumerated exhaustively.

The following is an extract from the Metasploit blog:

The Bug

On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c

MD_Update(&m,buf,j);
[ .. ]
MD_Update(&m,buf,j); /* purify complains */

These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only “random” value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.

All keys generated on Debian platforms between September 2006 and May 13, 2008 are affected. Debian quickly fixed the vulnerability and published blacklists and a custom search tool.
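The seed-space argument and the blacklist check described above, as an added example (not code from the original post, Debian, or Metasploit). A toy generator whose only input is the PID stands in for the crippled PRNG; `toy_keygen`, `audit_authorized_keys` and the sample keys are all constructed for illustration.

```python
import base64
import hashlib

PID_MAX = 32768  # default Linux maximum process ID cited in the extract

def toy_keygen(pid):
    """Stand-in for a key generator seeded only by the PID (NOT OpenSSL)."""
    return hashlib.sha256(b"toy-weak-prng:%d" % pid).digest()

def fingerprint(blob):
    """MD5 over the public-key blob, as OpenSSH fingerprints were computed in 2008."""
    return hashlib.md5(blob).hexdigest()

def build_blacklist():
    """Every fingerprint the toy generator can produce: one per possible PID."""
    return {fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX + 1)}

def audit_authorized_keys(text, blacklist):
    """Return (line_no, comment) for each key whose fingerprint is blacklisted."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line or comment
        try:
            blob = base64.b64decode(fields[1], validate=True)
        except ValueError:
            continue  # options-prefixed or malformed entry: not handled here
        if fingerprint(blob) in blacklist:
            hits.append((no, fields[2] if len(fields) > 2 else ""))
    return hits

def _line(blob, comment):
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample: one key from the weak generator, one unrelated key.
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    _line(toy_keygen(4242), "deploy@weak-host"),
    _line(hashlib.sha256(b"stand-in for a well-seeded key").digest(), "alice@good-host"),
])

if __name__ == "__main__":
    bl = build_blacklist()
    print(len(bl), "possible keys; flagged:", audit_authorized_keys(SAMPLE, bl))
```

Because the whole output space fits in a small set, a membership test is enough to decide that a key must be revoked and regenerated; no analysis of the key itself is needed.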

Attack tools should appear soon. Metasploit has already generated a key database that can be queried in a rainbow-table-like fashion, so SSH keys can be brute-forced directly.

Now we are just waiting for the worm to appear.

Because this vulnerability is quite serious, it is recorded here as a memo.
