Executive Summary

Summary
Title: Debian and Ubuntu OpenSSL packages contain a predictable random number generator

Information
Name: VU#925211
Vendor: VU-CERT
Severity (vendor): N/A
First vendor publication: 2008-05-15
Last vendor modification: 2008-06-03
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact sub score: NA
Temporal score: NA
Exploitability sub score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS base score: 7.8
CVSS impact score: 6.9
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#925211

Debian and Ubuntu OpenSSL packages contain a predictable random number generator

Overview

A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated.

I. Description

A weakness exists in the random number generator used by the OpenSSL package included with the Debian GNU/Linux operating system and derivative systems that causes the generated numbers to be predictable. As a result of this weakness, certain encryption keys are much more common than they should be. This vulnerability affects cryptographic applications that use keys generated by the flawed versions of the OpenSSL package. Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Any of these keys generated using the affected systems on or after 2006-09-17 may be vulnerable. Keys generated with GnuPG or GNUTLS on the affected systems are not vulnerable because these applications use their own random number generators and not the one from the flawed version of OpenSSL.

Note that this vulnerability is specific to Debian, Ubuntu Linux and other Debian-derived operating systems. Other systems can be indirectly affected if weak keys generated by the vulnerable systems are imported into them.

II. Impact

A remote, unauthenticated attacker with minimal knowledge of the vulnerable system and the ability to conduct a brute force attack against an affected application may be able to guess secret key material. Secondary impacts include authenticated access to the system through the affected service or the ability to perform man-in-the-middle attacks.

III. Solution

Apply a patch from the vendor and regenerate key material

Patches have been released by the affected vendors. Users are encouraged to review the Systems Affected section of this document and apply the updates it refers to.

Due to the nature of the flaw, any key material generated by the vulnerable versions of the OpenSSL package should be considered fatally defective. Additionally, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised since the Digital Signature Algorithm relies on a secret random value used during signature generation. After the software updates are applied, this key material must be regenerated with the updated version of the software. Vendor-specific instructions for doing this can also be found in the Systems Affected section of this document.
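As an added example (not part of the CERT note or of the Debian tooling it links to), the check below shows how a blocklist-based weak-key scan of the kind dowkd.pl and ssh-vulnkey perform can be implemented: it parses authorized_keys lines, recovers the key type and modulus length from the key blob, and compares the key's fingerprint against a blocklist grouped by that pair. The blocklist entry format (lower 80 bits of the MD5 fingerprint), the make_blob helper and the sample keys are assumptions constructed for the example; the sample keys are not real key material.

```python
import base64
import hashlib
import struct

def ssh_strings(blob):
    # Split an OpenSSH public-key blob into its uint32-length-prefixed fields.
    fields, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields

def key_type_and_bits(blob):
    """Return (key type, modulus bit length); blocklists are split by this pair."""
    fields = ssh_strings(blob)
    ktype = fields[0].decode()
    modulus = fields[2] if ktype == "ssh-rsa" else fields[1]  # RSA n, or DSA p
    return ktype, int.from_bytes(modulus, "big").bit_length()

def fingerprint_suffix(blob):
    # Assumed entry format: lowercase hex MD5 of the blob minus its first 12 hex digits.
    return hashlib.md5(blob).hexdigest()[12:]

def check_authorized_keys(lines, blocklist):
    """Return (type, bits, comment) for every key whose fingerprint is blocklisted."""
    hits = []
    for line in lines:
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        i = next(i for i, p in enumerate(parts) if p.startswith("ssh-"))  # skip options
        blob = base64.b64decode(parts[i + 1])
        ktype, bits = key_type_and_bits(blob)
        if fingerprint_suffix(blob) in blocklist.get((ktype, bits), set()):
            hits.append((ktype, bits, " ".join(parts[i + 2:])))
    return hits

def make_blob(ktype, *nums):  # builds a blob from integers: constructed data, not real keys
    out = struct.pack(">I", len(ktype)) + ktype.encode()
    for n in nums:
        b = n.to_bytes((n.bit_length() + 8) // 8, "big")  # mpint: sign bit stays clear
        out += struct.pack(">I", len(b)) + b
    return out

WEAK = make_blob("ssh-rsa", 65537, (1 << 1023) | 12345)  # constructed "weak" key
GOOD = make_blob("ssh-rsa", 65537, (1 << 1023) | 54321)  # constructed unaffected key
BLOCKLIST = {("ssh-rsa", 1024): {fingerprint_suffix(WEAK)}}  # stands in for a published list
SAMPLE_AUTHORIZED_KEYS = [  # constructed authorized_keys content
    'command="/bin/true" ssh-rsa %s weak@host' % base64.b64encode(WEAK).decode(),
    "ssh-rsa %s ok@host" % base64.b64encode(GOOD).decode()]
```

A real scan would load the entries from the vendor's published blocklist files and, on a hit, treat the key as compromised and replace it rather than merely report it.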

Systems Affected

Vendor             Status      Date Updated
Debian GNU/Linux   Vulnerable  15-May-2008
Ubuntu             Vulnerable  15-May-2008

References

http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576
http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
http://www.debian.org/security/key-rollover/
http://metasploit.com/users/hdm/tools/debian-openssl/
http://wiki.debian.org/SSLkeys
http://research.swtch.com/2008/05/lessons-from-debianopenssl-fiasco.html
http://www.links.org/?p=328

Credit

Thanks to Florian Weimer of the Debian security team for reporting this vulnerability. Debian, in turn, credits Luciano Bello with discovering this issue.

This document was written by Chad R Dougherty.

Other Information

Date public: 05/13/2008
Date first published: 05/15/2008 09:56:09 AM
Date last updated: 06/03/2008
CERT Advisory:
CVE name: CVE-2008-0166
US-CERT Technical Alerts:
Metric: 7.20
Document revision: 12

Original Source

Url : http://www.kb.cert.org/vuls/id/925211

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-112 Brute Force
CAPEC-281 Analytic Attacks

CWE : Common Weakness Enumeration

%      Id       Name
100 %  CWE-338  Use of Cryptographically Weak PRNG

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:17595
Title: USN-612-3 -- openvpn vulnerability
Description: Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases).
Family: unix
Class: patch
Reference(s): USN-612-3, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openvpn

Oval ID: oval:org.mitre.oval:def:17688
Title: USN-612-1 -- openssl vulnerability
Description: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems.
Family: unix
Class: patch
Reference(s): USN-612-1, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openssl

Oval ID: oval:org.mitre.oval:def:17770
Title: USN-612-2 -- openssh vulnerability
Description: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems.
Family: unix
Class: patch
Reference(s): USN-612-2, CVE-2008-0166
Version: 5
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): openssh

Oval ID: oval:org.mitre.oval:def:17774
Title: USN-612-4 -- ssl-cert vulnerability
Description: USN-612-1 fixed vulnerabilities in openssl.
Family: unix
Class: patch
Reference(s): USN-612-4, CVE-2008-0166
Version: 7
Platform(s): Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04
Product(s): ssl-cert

Oval ID: oval:org.mitre.oval:def:17807
Title: USN-612-7 -- openssh update
Description: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1.
Family: unix
Class: patch
Reference(s): USN-612-7, CVE-2008-0166
Version: 5
Platform(s): Ubuntu 6.06
Product(s): openssh

CPE : Common Platform Enumeration

Type         Description  Count
Application               254
Os                        4
Os                        1

OpenVAS Exploits

Date Description
2009-03-23 Name : Ubuntu Update for openssh vulnerability USN-612-2
File : nvt/gb_ubuntu_USN_612_2.nasl
2009-03-23 Name : Ubuntu Update for openvpn vulnerability USN-612-3
File : nvt/gb_ubuntu_USN_612_3.nasl
2009-03-23 Name : Ubuntu Update for ssl-cert vulnerability USN-612-4
File : nvt/gb_ubuntu_USN_612_4.nasl
2009-03-23 Name : Ubuntu Update for openssh update USN-612-7
File : nvt/gb_ubuntu_USN_612_7.nasl
2008-09-04 Name : USN-612-1 through USN-612-11: OpenSSL vulnerability (openssl)
File : nvt/ubuntu_usn-612.nasl
2008-05-27 Name : Debian Security Advisory DSA 1571-1 (openssl)
File : nvt/deb_1571_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1576-1 (openssh)
File : nvt/deb_1576_1.nasl
2008-05-27 Name : Debian Security Advisory DSA 1576-2 (openssh)
File : nvt/deb_1576_2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45503 Ubuntu Linux ssh-vulnkey authorized_keys Unspecified Options Key Guessing Wea...

45029 OpenSSL on Debian/Ubuntu Linux Predictable Random Number Generator (RNG) Cryp...

Nessus® Vulnerability Scanner

Date Description
2013-03-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-1.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-2.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-7.nasl - Type : ACT_GATHER_INFO
2008-05-19 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1576.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-3.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-612-4.nasl - Type : ACT_GATHER_INFO
2008-05-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-612-5.nasl - Type : ACT_GATHER_INFO
2008-05-15 Name : The remote SSH host is set up to accept authentication with weak Debian SSH k...
File : ssh_debian_find_weak_keys.nasl - Type : ACT_GATHER_INFO
2008-05-15 Name : The remote SSL certificate uses a weak key.
File : ssl_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-14 Name : The remote SSH host keys are weak.
File : ssh_debian_weak.nasl - Type : ACT_GATHER_INFO
2008-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2016-01-30 13:25:35
  • Multiple Updates
2013-05-11 00:57:29
  • Multiple Updates