
Vulnerability of Debian: predictable openssl randoms

Synthesis of the vulnerability 

Keys generated by the openssl package of Debian 4.0 are predictable.
Impacted products: ProxySG by Blue Coat, Debian, StoneGate Firewall, StoneGate IPS.
Severity of this bulletin: 4/4.
Creation date: 13/05/2008.
References of this threat: BID-29179, CERTA-2008-AVI-239, CERTA-2008-AVI-246, CVE-2008-0166, DSA-1571-1, DSA-1576-1, DSA-1576-2, VIGILANCE-VUL-7821, VU#925211.

Description of the vulnerability 

The openssl package of Debian is a modified version of OpenSSL.

However, these changes cause it to generate predictable keys.

Keys generated for the following applications are potentially impacted:
 - X.509 certificates (apache, etc.)
 - DNSSEC
 - OpenVPN
 - SSH

Keys generated for the following applications are not impacted:
 - GnuPG
 - GNUTLS

An attacker can therefore predict keys generated by the openssl package of Debian, for example in order to spoof the identity of a client or a server.

This vulnerability note impacts software or systems such as ProxySG by Blue Coat, Debian, StoneGate Firewall and StoneGate IPS.

Our Vigil@nce team determined that the severity of this security bulletin is critical.

The trust level is "confirmed by the vendor", and the attack origin is "internet client".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with beginner-level ability can exploit this weakness.

Solutions for this threat 

Debian: new openssl/openssh packages.
New packages are available:
  http://security.debian.org/pool/updates/main/o/openssl/*_0.9.8c-4etch3_*.deb
  http://security.debian.org/pool/updates/main/o/openssh/*_4.3p2-9etch2_*.deb
Then all keys (X.509 certificates, SSH, OpenVPN, DNSSEC) have to be regenerated. The procedure will be indicated on:
  http://www.debian.org/security/key-rollover/
For example, for the ssh server:
  ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
  ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
  /etc/init.d/ssh restart
For each ssh user:
  ssh-keygen -t dsa
  ssh-keygen -t rsa
A tool detects known weak keys (non-exhaustive):
  http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
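The kind of check such a detection tool performs on SSH keys can be sketched as follows. This is an added example, not the code of dowkd.pl or of Debian: it parses authorized_keys or .pub lines, computes each key's MD5 fingerprint and looks it up in a blocklist. The blocklist format (full MD5 fingerprints), the function names and all sample keys are assumptions constructed for the illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def fingerprint(blob):
    """Colon-separated MD5 fingerprint of a decoded public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_key_line(line):
    """Return (type, blob, comment) for an authorized_keys/.pub line, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            # A key blob starts with its own length-prefixed type name; this
            # rejects a key-type word that only appears inside an options string.
            header = struct.pack(">I", len(field)) + field.encode()
            if blob.startswith(header):
                return field, blob, " ".join(fields[i + 2:])
    return None

def audit(lines, weak_fingerprints):
    """Return (line_number, comment, fingerprint) for every blocklisted key."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_key_line(line)
        if parsed and fingerprint(parsed[1]) in weak_fingerprints:
            hits.append((number, parsed[2], fingerprint(parsed[1])))
    return hits

def _sample_blob(key_type, body):
    # Constructed stand-in for a key blob: valid header, meaningless body.
    return struct.pack(">I", len(key_type)) + key_type.encode() + body

WEAK = _sample_blob("ssh-rsa", b"constructed-weak")
GOOD = _sample_blob("ssh-dss", b"constructed-good")
SAMPLE_BLOCKLIST = {fingerprint(WEAK)}  # constructed, not real blocklist data
SAMPLE_LINES = [  # constructed authorized_keys content
    'command="echo ssh-rsa test" ssh-rsa %s alice@old-etch'
    % base64.b64encode(WEAK).decode(),
    "ssh-dss %s bob@laptop" % base64.b64encode(GOOD).decode(),
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LINES, SAMPLE_BLOCKLIST):
        print("line %d: %s %s -> regenerate" % hit)
```

A clean result does not clear a key: such lists are non-exhaustive, so every key generated on an affected system still has to be regenerated.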

StoneGate: solution for OpenSSL of Debian.
StoneGate Firewall and VPN versions 4.2.0 and 4.2.1 contain the Debian generator and thus generate predictable keys. Version 4.2.2 is corrected.
StoneGate IPS versions 4.0.0, 4.1.0 to 4.1.2, and 4.2.0 to 4.2.2 contain the Debian generator and thus generate predictable keys. Versions 4.0.1, 4.1.3 and 4.2.3 are corrected.
ALL keys generated on vulnerable versions have to be regenerated as indicated in StoneGate's announcement.

Blue Coat: recommendation for OpenSSL from Debian.
Blue Coat products are NOT based on Debian and are not vulnerable.
However, keys generated on Debian may have been imported into Blue Coat products. These keys thus have to be updated.