Re: [SECURITY] [DSA 1575-1] New Linux 2.6.18 packages fix denial of service

2008-05-13 Thread Dominic Hargreaves
On Mon, May 12, 2008 at 05:31:32PM -0600, dann frazier wrote:
 On Mon, May 12, 2008 at 11:52:27PM +0100, Dominic Hargreaves wrote:

  Is there any reason this has been labelled as a DoS rather than a
  potential arbitrary code execution issue (which
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1669 suggests it is) - eg
  are there mitigating circumstances in the Debian kernel?

  At the time I prepared this upload, I was under the impression that
 this was a potential arbitrary code execution issue (with no known
 exploit). However, while preparing the DSA I didn't find convincing
 evidence that this was more than a DoS. I could of course be wrong,
 and if I am I'll be happy to update the advisory.

Thanks for the response. It's possible I'm misreading the Impact Type
jargon in the URL above. As another datapoint I note that
http://www.securityfocus.com/bid/29076/discuss lists it as a DoS.

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Philipp Kern
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
 A detector for known weak key material will be published at:
 
   http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
   http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
 (OpenPGP signature)

On stable I get "close is not a valid DB_File macro at
/home/pkern/dowkd.pl line 51."

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern Debian Developer
: :' :  http://philkern.de   Debian Release Assistant
`. `'   xmpp:[EMAIL PROTECTED]
  `-finger pkern/[EMAIL PROTECTED]




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Marcin Owsiany
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
 It is strongly recommended that all cryptographic key material which has
 been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
 systems is recreated from scratch.

Does openssh store the generation date in the SSH keypair? If so, then
could some guru post a way to retrieve that?

-- 
Marcin Owsiany [EMAIL PROTECTED] http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216





Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Cyril Brulebois
On 13/05/2008, Stephane Bortzmeyer wrote:
 By the way, the page
 http://www.debian.org/security/cve-compatibility has a link
 http://security-tracker.debian.org/, labeled The Debian Security
 Tracker has the canonical list of CVE names, corresponding Debian
 packages, and this link is broken: there is no
 security-tracker.debian.org.

Just in case you don't know about it yet, try .net.

Mraw,
KiBi.




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Florian Weimer
* Dominic Hargreaves:

 On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:

   http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
 (OpenPGP signature)

 This URL 404s (but the tool URL doesn't... possibly encouraging bad
 practice in running unverified code)

Yeah, sorry about that.  There used to be a .sig, though.  Should be
fixed now.





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Florian Weimer
* Marcin Owsiany:

 On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
 It is strongly recommended that all cryptographic key material which has
 been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
 systems is recreated from scratch.

 Does openssh store the generation date in the SSH keypair?

As far as I can tell, it doesn't.  There is only the file date as an
indicator, which is pretty weak.
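
The file-date indicator mentioned above, as an added example that is not part of the original message or of dowkd.pl: it lists OpenSSH public keys with their type and file date and flags those dated on or after 2006-09-17, the upload date of the first vulnerable version given in the advisory. The verdict names, function names and sample files are constructed for illustration; the file date is only a hint, since copying or restoring a key changes it.

```python
import os
from datetime import datetime, timezone

# Date from the advisory: openssl 0.9.8c-1, the first vulnerable version,
# was uploaded to unstable on 2006-09-17.
FIRST_VULNERABLE_UPLOAD = datetime(2006, 9, 17, tzinfo=timezone.utc)


def key_type(pub_path):
    """Return the algorithm field (e.g. 'ssh-rsa') of an OpenSSH .pub file."""
    with open(pub_path, "r", errors="replace") as fh:
        for line in fh:
            fields = line.split()
            if fields and fields[0].startswith("ssh-"):
                return fields[0]
    return None


def triage(directory):
    """Classify every *.pub key in `directory`.

    Returns (name, type, file date, verdict) tuples with these verdicts
    (names are illustrative):
      DSA_REVIEW       DSA key: per the advisory, compromised if it was ever
                       used on an affected system, whatever its file date
      IN_WINDOW        file dated on/after the first vulnerable upload
      PREDATES_WINDOW  file dated earlier; weak evidence only, because the
                       key format itself records no generation date
    """
    results = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pub"):
            continue
        pub = os.path.join(directory, name)
        ktype = key_type(pub)
        if ktype is None:
            continue
        # Prefer the private key's timestamp; fall back to the .pub file.
        private = pub[: -len(".pub")]
        stamp = private if os.path.exists(private) else pub
        mtime = datetime.fromtimestamp(os.stat(stamp).st_mtime, tz=timezone.utc)
        if ktype == "ssh-dss":
            verdict = "DSA_REVIEW"
        elif mtime >= FIRST_VULNERABLE_UPLOAD:
            verdict = "IN_WINDOW"
        else:
            verdict = "PREDATES_WINDOW"
        results.append((name, ktype, mtime.date().isoformat(), verdict))
    return results


def build_constructed_sample(directory):
    """Write placeholder key files (constructed, not real keys) with set dates."""
    samples = [
        ("ssh_host_rsa_key", "ssh-rsa", datetime(2007, 3, 1, 12, tzinfo=timezone.utc)),
        ("ssh_host_dsa_key", "ssh-dss", datetime(2005, 6, 1, 12, tzinfo=timezone.utc)),
        ("id_rsa", "ssh-rsa", datetime(2005, 6, 1, 12, tzinfo=timezone.utc)),
    ]
    for base, ktype, when in samples:
        files = (
            (base, "constructed placeholder, not a key\n"),
            (base + ".pub", f"{ktype} AAAAconstructedplaceholder user@example\n"),
        )
        for fname, text in files:
            full = os.path.join(directory, fname)
            with open(full, "w") as fh:
                fh.write(text)
            os.utime(full, (when.timestamp(), when.timestamp()))


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for row in triage(tmp):
            print(*row, sep="\t")
```

Any key flagged here still has to be checked with the weak-key detector or regenerated; a PREDATES_WINDOW result does not clear a key.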





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread daniel
very bad news

On Tue, 13 May 2008 14:06:39 +0200, Florian Weimer [EMAIL PROTECTED]
wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 -

 Debian Security Advisory DSA-1571-1  [EMAIL PROTECTED]
 http://www.debian.org/security/   Florian Weimer
 May 13, 2008  http://www.debian.org/security/faq
 -

 
 Package: openssl
 Vulnerability  : predictable random number generator
 Problem type   : remote
 Debian-specific: yes
 CVE Id(s)  : CVE-2008-0166
 
 Luciano Bello discovered that the random number generator in Debian's
 openssl package is predictable.  This is caused by an incorrect
 Debian-specific change to the openssl package (CVE-2008-0166).  As a
 result, cryptographic key material may be guessable.
 
 This is a Debian-specific vulnerability which does not affect other
 operating systems which are not based on Debian.  However, other systems
 can be indirectly affected if weak keys are imported into them.
 
 It is strongly recommended that all cryptographic key material which has
 been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
 systems is recreated from scratch.  Furthermore, all DSA keys ever used
 on affected Debian systems for signing or authentication purposes should
 be considered compromised; the Digital Signature Algorithm relies on a
 secret random value used during signature generation.
 
 The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
 distribution on 2006-09-17, and has since propagated to the testing and
 current stable (etch) distributions.  The old stable distribution
 (sarge) is not affected.
 
 Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
 material for use in X.509 certificates and session keys used in SSL/TLS
 connections.  Keys generated with GnuPG or GNUTLS are not affected,
 though.
 
 A detector for known weak key material will be published at:
 
   http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
   http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
 (OpenPGP signature)
 
 Instructions how to implement key rollover for various packages will be
 published at:
 
   http://www.debian.org/security/key-rollover/
 
 This web site will be continuously updated to reflect new and updated
 instructions on key rollovers for packages using SSL certificates.
 Popular packages not affected will also be listed.
 
 In addition to this critical change, two other vulnerabilities have been
 fixed in the openssl package which were originally scheduled for release
 with the next etch point release: OpenSSL's DTLS (Datagram TLS,
 basically SSL over UDP) implementation did not actually implement the
 DTLS specification, but a potentially much weaker protocol, and
 contained a vulnerability permitting arbitrary code execution
 (CVE-2007-4995).  A side channel attack in the integer multiplication
 routines is also addressed (CVE-2007-3108).
 
 For the stable distribution (etch), these problems have been fixed in
 version 0.9.8c-4etch3.
 
 For the unstable distribution (sid) and the testing distribution
 (lenny), these problems have been fixed in version 0.9.8g-9.
 
 We recommend that you upgrade your openssl package and subsequently
 regenerate any cryptographic material, as outlined above.
 
 Upgrade instructions
 - 
 
 wget url
 will fetch the file for you
 dpkg -i file.deb
 will install the referenced file.
 
 If you are using the apt-get package manager, use the line for
 sources.list as given below:
 
 apt-get update
 will update the internal database
 apt-get upgrade
 will install corrected packages
 
 You may use an automated update by adding the resources from the
 footer to the proper configuration.
 
 
 Debian GNU/Linux 4.0 alias etch
 - ---
 

Re: [SECURITY] [DSA 1565-1] New Linux 2.6.18 packages fix several vulnerabilities

2008-05-13 Thread Mike Gerber
* Stephen Gran wrote:
 I also do some rummaging around to figure out what the meta package is
 currently depending on, so that I know what version Debian currently
 considers newest, then compare that to /proc/version.  That only works
 for etch and newer kernel images, though, so I think I'll fall back to
 Noah's method for older machines.

I use a small script for Nagios checks that I give the supposed-to-be
booted kernel (e.g. 2.6.18-6-686). I'll change that to have the option 
to check /proc/version instead of uname -r.

I'm more comfortable with changing the Nagios configuration for each
kernel update than by relying on some up-to-date APT cache to determine
the current kernel. But I guess that's a matter of taste.

Cheers,
Mike
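
The kind of check described above, as an added example (not Mike's script): it compares the expected kernel against the text of /proc/version rather than `uname -r`. It assumes the etch-style /proc/version line that carries the Debian package version in parentheses; the sample lines, the placeholder package version and the function names are constructed for illustration.

```python
import re
import sys

OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample lines; package version and builder address are placeholders.
ETCH_STYLE = (
    "Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-0placeholder1) "
    "(builder@example.org) (gcc version 4.1.2) #1 SMP Tue May 13 00:00:00 UTC 2008"
)
OLD_STYLE = (
    "Linux version 2.4.27-3-686 (builder@example.org) "
    "(gcc version 3.3.5) #1 Tue May 13 00:00:00 UTC 2008"
)

# Release is the token after "Linux version"; the Debian package version,
# when present, is assumed to follow as "(Debian <version>)".
_PATTERN = re.compile(r"^Linux version (\S+)(?: \(Debian ([^)\s]+)\))?")


def parse_proc_version(text):
    """Return (release, package_version_or_None), or None if unparseable."""
    match = _PATTERN.match(text)
    if match is None:
        return None
    return match.group(1), match.group(2)


def check_kernel(proc_version, expected_release, expected_package=None):
    """Compare the booted kernel with what the monitoring config expects.

    The release alone is what `uname -r` reports. The package version, when
    the image exposes it, also shows whether an update that kept the same
    release name has actually been booted.
    """
    parsed = parse_proc_version(proc_version)
    if parsed is None:
        return UNKNOWN, "cannot parse /proc/version"
    release, package = parsed
    if release != expected_release:
        return CRITICAL, f"running {release}, expected {expected_release}"
    if expected_package is None:
        return OK, f"running {release}"
    if package is None:
        # Older images carry no package version; fall back to another method.
        return UNKNOWN, f"running {release}, no package version in /proc/version"
    if package != expected_package:
        return CRITICAL, f"running package {package}, expected {expected_package}"
    return OK, f"running {release} ({package})"


if __name__ == "__main__":
    # Usage: check.py EXPECTED_RELEASE [EXPECTED_PACKAGE_VERSION]
    if len(sys.argv) < 2:
        print("UNKNOWN: expected kernel release not given")
        sys.exit(UNKNOWN)
    with open("/proc/version") as fh:
        code, message = check_kernel(fh.read(), *sys.argv[1:3])
    print({OK: "OK", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}[code] + ": " + message)
    sys.exit(code)
```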




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vladislav Kurz
On Tuesday 13 of May 2008, Dominic Hargreaves wrote:
 On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
  (OpenPGP signature)

 This URL 404s (but the tool URL doesn't... possibly encouraging bad
 practice in running unverified code)

It seems to be another typo. Correct URL is apparently this:

http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.sig

  Instructions how to implement key rollover for various packages will be
  published at:
 
http://www.debian.org/security/key-rollover/

 This URL 404s too.

They state it WILL be published, but didn't say when...

 Thanks for your efforts on this issue so far - obviously a bit of a
 nightmare.

 Cheers,
 Dominic.

 --
 Dominic Hargreaves | http://www.larted.org.uk/~dom/
 PGP key 5178E2A5 from the.earth.li (keyserver,web,email)



-- 
Best regards
Vladislav Kurz

=== WebStep, s.r.o. (Ltd.) = a step to the Web ===
address: Mezirka 1, 602 00 Brno, CZ, tel: +420 548 214 711
=== www.webstep.net === [EMAIL PROTECTED] ===





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
On Tuesday, 13.05.2008, at 16:02 +0200, Daniel Leidert wrote:
 On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote:
  On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
   A detector for known weak key material will be published at:
   
 http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
 http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
   (OpenPGP signature)
  
  On stable I get "close is not a valid DB_File macro at
  /home/pkern/dowkd.pl line 51."
 
 $ ./dowkd.pl help
 close is not a valid DB_File macro at ./dowkd.pl line 51
 
 Well, something is broken (sid here).

It was dowkd.db, which I broke. Forget my comment.

Regards, Daniel





Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Stephane Bortzmeyer
On Tue, May 13, 2008 at 03:44:24PM +0200,
 Cyril Brulebois [EMAIL PROTECTED] wrote 
 a message of 31 lines which said:

  By the way, the page
  http://www.debian.org/security/cve-compatibility has a link
  http://security-tracker.debian.org/, labeled The Debian Security
  Tracker has the canonical list of CVE names, corresponding Debian
  packages, and this link is broken: there is no
  security-tracker.debian.org.
 
 Just in case you don't know about it yet, try .net.

Nice and useful but the Web page should be fixed, anyway.







Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Philipp Kern
On Tue, May 13, 2008 at 04:17:03PM +0200, Florian Weimer wrote:
 The $db->close call is wrong, you can just remove it, or download the
 new version (where this should be fixed).

Works now, thanks.

Kind regards,
Philipp Kern
-- 
 .''`.  Philipp Kern Debian Developer
: :' :  http://philkern.de   Debian Release Assistant
`. `'   xmpp:[EMAIL PROTECTED]
  `-finger pkern/[EMAIL PROTECTED]




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Nicolas Rachinsky
* Florian Weimer [EMAIL PROTECTED] [2008-05-13 14:06 +0200]:
 Luciano Bello discovered that the random number generator in Debian's
 openssl package is predictable.  This is caused by an incorrect
 Debian-specific change to the openssl package (CVE-2008-0166).  As a
 result, cryptographic key material may be guessable.

The diffs
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c
and
http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c
(I got them from http://www.links.org/?p=327) suggest that only half
of the problem was fixed. Is this correct?

Nicolas





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Florian Weimer
* Nicolas Rachinsky:

 The diffs
 http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/rand/md_rand.c?rev=141&view=diff&r1=141&r2=140&p1=openssl/trunk/rand/md_rand.c&p2=/openssl/trunk/rand/md_rand.c
 and
 http://svn.debian.org/viewsvn/pkg-openssl/openssl/trunk/crypto/rand/md_rand.c?rev=300&view=diff&r1=300&r2=299&p1=openssl/trunk/crypto/rand/md_rand.c&p2=/openssl/trunk/crypto/rand/md_rand.c
 (I got them from http://www.links.org/?p=327) suggest, that only half
 of the problem was fixed. Is this correct?

No, the other hunk is benign.  It mixes data from the target buffer of
RAND_bytes into the pool, and this is completely optional (because it's
not guaranteed that this data is random anyway).





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Daniel Leidert
On Tuesday, 13.05.2008, at 15:27 +0200, Philipp Kern wrote:
 On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer wrote:
  A detector for known weak key material will be published at:
  
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.asc
  (OpenPGP signature)
 
 On stable I get "close is not a valid DB_File macro at
 /home/pkern/dowkd.pl line 51."

$ ./dowkd.pl help
close is not a valid DB_File macro at ./dowkd.pl line 51

Well, something is broken (sid here).

Regards, Daniel





Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Gerfried Fuchs
On Tuesday, 13.05.2008, at 15:51 +0200, Stephane Bortzmeyer wrote:
 On Tue, May 13, 2008 at 03:44:24PM +0200,
   packages, and this link is broken: there is no
   security-tracker.debian.org.
  
  Just in case you don't know about it yet, try .net.
 
 Nice and useful but the Web page should be fixed, anyway.

 Of course, am having the change sitting in my local repository, will
commit it as soon as it's possible again.

 So long,
Rhonda




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Michel Messerschmidt


Florian Weimer said:
 The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
 distribution on 2006-09-17, and has since propagated to the testing and
 current stable (etch) distributions.  The old stable distribution
 (sarge) is not affected.

The information about sarge is not consistent with
http://security-tracker.debian.net/tracker/CVE-2008-0166:

Source Package  Release                  Version          Status
openssl (PTS)   sarge, sarge (security)  0.9.7e-3sarge5   vulnerable
                etch                     0.9.8c-4etch1    vulnerable
                etch (security)          0.9.8c-4etch3    fixed
                lenny, sid               0.9.8g-10        fixed

Who's right here ?




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Jan Luehr
Hello,

On Tuesday, 13 May 2008, [EMAIL PROTECTED] wrote:
[] openssl - predictable random number generator

 very bad news

indeed - since I have to chip certificates for multiple OpenVPN networks :( 
(This time, I'll do it on OpenBSD ;)

However, I'm curious: how could this happen? (Although I'm not paranoid in 
general, I'm a little bit tense right now ...)

Thanks
Keep smiling
yanosz





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
Florian Weimer [EMAIL PROTECTED] said:

 Package: openssl
 Vulnerability : predictable random number generator

Some other random questions:
 - It seems that firefox does not handle CRL unless manually imported,
   correct? This means that in most cases already issued certificates
   are still vulnerable even if revoked. A quick look seems to show that
   most software does not handle CRL at all.
 - As a maintainer of a package that has generated certificates using
   OpenSSL, how should we handle the issue?

For the last question, I see several solutions:
 - the user has to read the DSA and handle it himself
 - a helper package will be provided and each package should register
   key locations (in a bug report against the package for example);
   those keys will be checked and the user will be warned about weak
   keys. Moreover, each package will generate a short help message
   explaining how to regenerate keys. This helper package will be
   shipped in security and uploaded with a libssl depending on it
 - the helper package can also be used directly by the package that
   should call some magic function in postinst; the bad news with this
   approach is that we should upload a security release for each
   impacted package.

Any thoughts?
-- 
panic(IRQ, you lose...);
2.2.16 /usr/src/linux/arch/mips/sgi/kernel/indy_int.c





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread paddy
On Tue, May 13, 2008 at 07:38:27PM +, Sam Morris wrote:
 On Tue, 13 May 2008 21:29:53 +0200, Vincent Bernat wrote:
 
   - It seems  that firefox does not handle  CRL unless manually imported,
 correct? This  means that in  most cases already  issued certificates
 are still  vulnerable even revoked. A  quick look seems  to show that
 most software do not handle CRL at all.
 
 Yes, x509 is fundamentally broken in the first place.
 

and how!  

see http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
for more in this vein.

I never tire of reading that file ...

Regards,
Paddy





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Jan Luehr
Hello,

On Tuesday, 13 May 2008, Vincent Bernat wrote:
 OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,

 Florian Weimer [EMAIL PROTECTED] said:
  Package: openssl
  Vulnerability : predictable random number generator

 Some other random questions:
  - It seems  that firefox does not handle  CRL unless manually imported,
correct? This  means that in  most cases already  issued certificates
are still  vulnerable even revoked. A  quick look seems  to show that
most software do not handle CRL at all.
  - As a  maintainer of a package that  have generated certificates using
OpenSSL, how should we handle the issue?

 For the last question, I see several solutions:
  - the user has to read the DSA and handle it himself

Since some keys are generated automatically (e.g. ssh host keys), users will 
have to regenerate keys they haven't generated in the first place and might 
not be aware of their existence.
That's bad.

Keep smiling
yanosz





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread John Keimel
On Tue, May 13, 2008 at 3:52 PM, Jan Luehr [EMAIL PROTECTED] wrote:

   For the last question, I see several solutions:
- the user has to read the DSA and handle it himself

  Since some keys are generated automatically, (e.g. ssh host keys) users will
  have to regenerate keys,they haven't generated in the first place and might
  not be aware of their existens.
  That's bad.



The only instructions I've seen for regenerating host keys include
shutting down the sshd server. This is impossible in some servers I
have, so is there another way?





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
Keimel [EMAIL PROTECTED] said:

 Since some keys are generated automatically, (e.g. ssh host keys) users will
 have to regenerate keys,they haven't generated in the first place and might
 not be aware of their existens.
 That's bad.
 


 The only instructions I've seen for regenerating host keys include
 shutting down the sshd server. This is impossible in some servers I
 have, so is there another way?

Restarting OpenSSH does not close existing connections.
-- 
panic(esp: what could it be... I wonder...);
2.2.16 /usr/src/linux/drivers/scsi/esp.c




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Corey Hickey
Jan Luehr wrote:
 Hello,
 
 On Tuesday, 13 May 2008, Corey Hickey wrote:
 Jan Luehr wrote:
 Hello,

 On Tuesday, 13 May 2008, Vincent Bernat wrote:
 OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,

 Florian Weimer [EMAIL PROTECTED] said:
 Package: openssl
 Vulnerability : predictable random number generator
 Some other random questions:
  - It seems  that firefox does not handle  CRL unless manually imported,
correct? This  means that in  most cases already  issued certificates
are still  vulnerable even revoked. A  quick look seems  to show that
most software do not handle CRL at all.
  - As a  maintainer of a package that  have generated certificates using
OpenSSL, how should we handle the issue?

 For the last question, I see several solutions:
  - the user has to read the DSA and handle it himself
 Since some keys are generated automatically, (e.g. ssh host keys) users
 will have to regenerate keys,they haven't generated in the first place
 and might not be aware of their existens.
 That's bad.
 Unless I'm gravely mistaken, SSH keys aren't affected by this
 vulnerability. OpenSSH and OpenSSL are separate, and your ssh program
 generated its own keys.
 
 As stated in the DSA:
 »Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
 material for use in X.509 certificates and session keys used in SSL/TLS
 connections.  Keys generated with GnuPG or GNUTLS are not affected,
 though.«

Yeah, I just realized OpenSSH uses libSSL; sorry for the noise.

-Corey





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread John Keimel
On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote:
 OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
  Keimel [EMAIL PROTECTED] said:


   Since some keys are generated automatically, (e.g. ssh host keys) users 
 will
   have to regenerate keys,they haven't generated in the first place and 
 might
   not be aware of their existens.
   That's bad.
  


   The only instructions I've seen for regenerating host keys include
   shutting down the sshd server. This is impossible in some servers I
   have, so is there another way?

  Restarting OpenSSH do not close existing connections.


Yes, that's correct. I agree.

But the instructions I saw were for 'shutting down the SSHD server' -
not just 'restarting it'.

That's why I asked. I think Ian's suggestion will work just fine for
me though, so I'll give that a go.

Thanks folks.





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Jan Luehr
Hello,

On Tuesday, 13 May 2008, Corey Hickey wrote:
 Jan Luehr wrote:
  Hello,
 
  On Tuesday, 13 May 2008, Vincent Bernat wrote:
  OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,
 
  Florian Weimer [EMAIL PROTECTED] said:
  Package: openssl
  Vulnerability : predictable random number generator
 
  Some other random questions:
   - It seems  that firefox does not handle  CRL unless manually imported,
 correct? This  means that in  most cases already  issued certificates
 are still  vulnerable even revoked. A  quick look seems  to show that
 most software do not handle CRL at all.
   - As a  maintainer of a package that  have generated certificates using
 OpenSSL, how should we handle the issue?
 
  For the last question, I see several solutions:
   - the user has to read the DSA and handle it himself
 
  Since some keys are generated automatically, (e.g. ssh host keys) users
  will have to regenerate keys,they haven't generated in the first place
  and might not be aware of their existens.
  That's bad.

 Unless I'm gravely mistaken, SSH keys aren't affected by this
 vulnerability. OpenSSH and OpenSSL are separate, and your ssh program
 generated its own keys.

As stated in the DSA:
»Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections.  Keys generated with GnuPG or GNUTLS are not affected,
though.«

Keep smiling
yanosz





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Corey Hickey
Jan Luehr wrote:
 Hello,
 
 On Tuesday, 13 May 2008, Vincent Bernat wrote:
 OoO On this cloudy early afternoon of Tuesday 13 May 2008, around 14:06,

 Florian Weimer [EMAIL PROTECTED] said:
 Package: openssl
 Vulnerability : predictable random number generator
 Some other random questions:
  - It seems  that firefox does not handle  CRL unless manually imported,
correct? This  means that in  most cases already  issued certificates
are still  vulnerable even revoked. A  quick look seems  to show that
most software do not handle CRL at all.
  - As a  maintainer of a package that  have generated certificates using
OpenSSL, how should we handle the issue?

 For the last question, I see several solutions:
  - the user has to read the DSA and handle it himself
 
 Since some keys are generated automatically, (e.g. ssh host keys) users will 
 have to regenerate keys,they haven't generated in the first place and might 
 not be aware of their existens.
 That's bad.

Unless I'm gravely mistaken, SSH keys aren't affected by this
vulnerability. OpenSSH and OpenSSL are separate, and your ssh program
generated its own keys.

-Corey





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Vincent Bernat
OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:38, John
Keimel [EMAIL PROTECTED] said:

 Restarting OpenSSH do not close existing connections.


 Yes, that's correct. I agree.

 But the instructions I saw were for 'shutting down the SSHD server' -
 not just 'restarting it'.

Then, shutting down the SSHD server does not close existing connections
(unless you kill them manually on purpose, of course!).
-- 
Document your data layouts.
- The Elements of Programming Style (Kernighan & Plauger)




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Jan Luehr
Hello,

On Tuesday, 13 May 2008, John Keimel wrote:
 On Tue, May 13, 2008 at 4:31 PM, Vincent Bernat [EMAIL PROTECTED] wrote:
  OoO On this well-advanced evening of Tuesday 13 May 2008, around 22:21, John
 
   Keimel [EMAIL PROTECTED] said:
Since some keys are generated automatically, (e.g. ssh host keys)
users will have to regenerate keys,they haven't generated in the
first place and might not be aware of their existens.
That's bad.
   
The only instructions I've seen for regenerating host keys include
shutting down the sshd server. This is impossible in some servers I
have, so is there another way?
 
   Restarting OpenSSH do not close existing connections.

 Yes, that's correct. I agree.

 But the instructions I saw were for 'shutting down the SSHD server' -
 not just 'restarting it'.

 That's why I asked. I think Ian's suggestion will work just fine for
 me though, so I'll give that a go.

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

- job done.

Keep smiling
yanosz





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread dererk
On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:
 rm /etc/ssh/ssh_host_*
 ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
 ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
 /etc/init.d/ssh restart
 
 - job done.
 
 Keep smiling
 yanosz

Shorter one:

rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server


Greetings,

Dererk




Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Raj Gurung



On May 13, 2008, at 2:35 PM, dererk wrote:


On Tue, May 13, 2008 at 10:53:25PM +0200, Jan Luehr wrote:

rm /etc/ssh/ssh_host_*
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/etc/init.d/ssh restart

- job done.

Keep smiling
yanosz


Shorter one:



Upgrading openssl before reconfiguring:
apt-get update
apt-get upgrade


rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server


Greetings,

Dererk



-gorkhe





Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Nick Boyce

Jan Luehr wrote:

However, I'm  curious: [how] could this happen? 


This is the best explanation I've seen so far :
http://it.slashdot.org/comments.pl?sid=551636&cid=23392602

I have no idea if it's correct, but it sounds very plausible.

If there was any mistake it may have been to try too hard to get a 
warning-free run from valgrind.


Contrary to some reports that Debian should have discussed the proposed 
faulty fix with the OpenSSL devs in 2006, note that the Debian developer 
involved *did* try to discuss the proposed changes with the OpenSSL 
devs, and was not warned against the idea : 
http://marc.info/?t=11465108893&r=1&w=2


As the /. post says, "Hats off to the reviewer who picked up on the 
problem."


Cheers,
Nick Boyce
--
Leave the Olympics in Greece, where they belong.

