[Beowulf] Debian (& derived) OpenSSL problem results in compromised SSH keys & sessions

Chris Samuel csamuel at vpac.org
Wed May 14 17:54:16 PDT 2008


Not directly cluster related, except for the fact that probably
most of us use OpenSSH to connect to and admin our clusters..

http://www.ubuntu.com/usn/usn-612-1

# A weakness has been discovered in the random number generator
# used by OpenSSL on Debian and Ubuntu systems. As a result of
# this weakness, certain encryption keys are much more common
# than they should be, such that an attacker could guess the key
# through a brute-force attack given minimal knowledge of the
# system. This particularly affects the use of encryption keys
# in OpenSSH, OpenVPN and SSL certificates.

The Debian project has a very good wiki page covering the
vulnerability, its impact and what is (and what isn't) affected.

http://wiki.debian.org/SSLkeys

Basically if you've generated SSL certs (& CSRs) or OpenSSH keys
on an affected system then you should revoke and regenerate them.

The Metasploit project has already created a *full list* of all
possible OpenSSH and OpenSSL keys that could possibly be generated
by the affected library [1].

If you have used SSL/https or SSH to connect to or from an affected
system then you should change any passwords sent over the encrypted link.

Additionally if you've used a DSA key to connect to from a system
with a bad OpenSSL then you should consider that compromised through
a DSA specific crypto attack created through this flaw.

There is real concern about the possibility of recovering
the plain text of sessions encrypted through these weak keys,
and as such Debian have randomised all passwords in their
LDAP database to prevent an attacker with previously captured
sessions from now decrypting and using a discovered password.

More on how Debian are handling the impact on their own systems here:

http://lists.debian.org/debian-devel-announce/2008/05/msg00003.html


[1] - Metasploit have already generated an exhaustive list of all
possible keys that could be generated by this flaw, and describe
the impact here:

http://metasploit.com/users/hdm/tools/debian-openssl/

> If we continue this process for all PIDs up to 32,767 and then
> repeat it for 2048-bit RSA keys, we have covered the valid key
> ranges for x86 systems running the buggy version of the OpenSSL
> library. With this key set, we can compromise any user account
> that has a vulnerable key listed in the authorized_keys file.
> This key set is also useful for decrypting a previously-captured
> SSH session, if the SSH server was using a vulnerable host key.

All the best,
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing
 P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency



More information about the Beowulf mailing list