Wednesday, May 14, 2008

Debian predictable PRNG fiasco

I am a big fan of Debian and Ubuntu, but not a big fan of gaping, ginormous security holes. The "predictable Pseudo Random Number Generator" OpenSSL vulnerability in Debian (and Ubuntu, and other Debian variants) leaves a gaping hole not only in those systems, but also in systems which are using keys from vulnerable systems. Patches need to be applied and keys regenerated, and we probably only have a couple of days before exploit code is loose. From the Debian Security Advisory:

"It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation."

Rather than mangle a technical discussion of the issue, here are some actually useful references:

  • Debian Security Advisory DSA-1571-1
  • Ubuntu Security Notice USN-612-1
  • NVD summary of CVE-2008-0166
  • Article at ZDNet Australia
  • SANS ISC Diary entry
    • Note: this misidentifies the problem as being with OpenSSH; the root problem is with OpenSSL, which extends to OpenSSH.
  • Not directly related, but a worrisome coincidence: SANS ISC post on SSH brute-force attacks.
    • This one's very real. I may have seen a pile of systems' doorknobs rattled on port 22 in something I get paid to do.

In review, we have stuff to do. And if the word "predictable" can be used to describe your "random" process, you have a problem.

Jack