Ubuntu/Debian vulnerability impact?


Author: Ignoramus17861
Date: May 13, 2008 19:27

In regards to this giant fuckup:

http://www.ubuntu.com/usn/usn-612-2

What exactly is the impact of this vulnerability?

1) Does it let an attacker, who has listening ability on a local
network, intercept keys? (i.e. reduce security of SSH to that of telnet)

2) Does it allow an attacker, who does NOT have a listening ability,
to log on to remote machines using known weak keys? (i.e. brute force a
fully remote machine)

Just what is the extent of this sad story?

As I use ssh and keys a lot, this means that I had to spend a lot of
time fixing all the trust network that I have. I think that I am done,
finally.

--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/
38 Comments
Re: Ubuntu/Debian vulnerability impact?         


Author: Adam W.
Date: May 13, 2008 21:16

Ignoramus17861 wrote:
> In regards to this giant fuckup:
>
> http://www.ubuntu.com/usn/usn-612-2
>
> What exactly is the impact of this vulnerability?
It was first introduced on 2006-09-17 in Debian unstable.
If your key-pair was generated on a Debian or derivative system it must be
regenerated. If a DSA key was used on an affected system it must be
regenerated. See: http://www.debian.org/security/key-rollover/

While keys generated with GnuPG or GNUTLS are not affected, if they were used
for signing or authentication on an affected system they should be
regenerated. Make new key-pairs, sign with old keys, revoke old keys.
>
> 1) Does it let an attacker, who has listening ability on a local
> network, intercept keys? (i.e. reduce security of SSH to that of telnet)
Re: Ubuntu/Debian vulnerability impact?         


Author: Ignoramus17861
Date: May 14, 2008 01:19

On 2008-05-14, sk8r-365 wrote:
> Feverishly pounding upon a keyboard Ignoramus17861 typed:
>> In regards to this giant fuckup:
>>
>> http://www.ubuntu.com/usn/usn-612-2
>>
>> What exactly is the impact of this vulnerability?
>
>
> "A weakness has been discovered in the random number generator used by
> OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
> certain encryption keys are much more common than they should be, such
> that an attacker could guess the key through a brute-force attack given
> minimal knowledge of the system. This particularly affects the use of
> encryption keys in OpenSSH."
>
> Follow the instructions from the URL you provided:
>
> "Once the update is applied, weak user keys will be automatically
> rejected where possible (though they cannot be detected in all cases). ...
Re: Ubuntu/Debian vulnerability impact?         


Author: Joseph Ashwood
Date: May 14, 2008 01:55

"Ignoramus17861" wrote in message
news:mcKdndL0Xr01PbfVnZ2dnUVZ_qzinZ2d@giganews.com...
>> "A weakness has been discovered in the random number generator used by
>> OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
>> certain encryption keys are much more common than they should be, such
>> that an attacker could guess the key through a brute-force attack given
>> minimal knowledge of the system. This particularly affects the use of
>> encryption keys in OpenSSH."
> Well, my question was, what opportunities for attacks does this
> provide?

You should consider this to remove all security of SSH, and any other
program that uses the dev random pool. It isn't quite that bad, but it is
very close.
Re: Ubuntu/Debian vulnerability impact?         


Author: phil-news-nospam
Date: May 14, 2008 03:58

In comp.security.ssh Ignoramus17861 wrote:
| In regards to this giant fuckup:
|
| http://www.ubuntu.com/usn/usn-612-2
|
| What exactly is the impact of this vulnerability?
|
| 1) Does it let an attacker, who has listening ability on a local
| network, intercept keys? (i.e. reduce security of SSH to that of telnet)

The private keys themselves are not sent. The cipher key for the session is.
But I don't know if that key can be reproduced from a session playback once
the blackhat has guessed the authentication key.

| 2) Does it allow an attacker, who does NOT have a listening ability,
| to log on to remote machines using known weak keys? (i.e. brute force a
| fully remote machine)

Based on what I read, it is the authentication key that may be weak. You
have a fair chance of having generated a weak authentication key. If so,
the blackhat has a fair chance of guessing what that key is, and pretending
to be you to access hosts.
Re: Ubuntu/Debian vulnerability impact?         


Author: Man-wai Chang ToDie (33.6k)
Date: May 14, 2008 04:47

Ignoramus17861 wrote:
> In regards to this giant fuckup:
>
> http://www.ubuntu.com/usn/usn-612-2

Ubuntu has released an update to her version
of openssl-0.9.8e.

--
@~@ Might, Courage, Vision, SINCERITY.
/ v \ Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (Xubuntu 7.10) Linux 2.6.25.3
^ ^ 19:46:01 up 1 day 3:34 1 user load average: 1.12 1.06 1.02
Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
Re: Ubuntu/Debian vulnerability impact?         


Author: Ignoramus12901
Date: May 14, 2008 05:36

On 2008-05-14, phil-news-nospam@ipal.net wrote:
> In comp.security.ssh Ignoramus17861 wrote:
>| In regards to this giant fuckup:
>|
>| http://www.ubuntu.com/usn/usn-612-2
>|
>| What exactly is the impact of this vulnerability?
>|
>| 1) Does it let an attacker, who has listening ability on a local
>| network, intercept keys? (i.e. reduce security of SSH to that of telnet)
>
> The private keys themselves are not sent. The cipher key for the session is.
> But I don't know if that key can be reproduced from a session playback once
> the blackhat has guessed the authentication key.

That's the 64,000 dollar question.
Re: Ubuntu/Debian vulnerability impact?         


Author: Ignoramus12901
Date: May 14, 2008 06:31

On 2008-05-14, Joseph Ashwood wrote:
> "Ignoramus17861" wrote in message
> news:mcKdndL0Xr01PbfVnZ2dnUVZ_qzinZ2d@giganews.com...
>>> "A weakness has been discovered in the random number generator used by
>>> OpenSSL on Debian and Ubuntu systems. As a result of this weakness,
>>> certain encryption keys are much more common than they should be, such
>>> that an attacker could guess the key through a brute-force attack given
>>> minimal knowledge of the system. This particularly affects the use of
>>> encryption keys in OpenSSH."
>
>> Well, my question was, what opportunities for attacks does this
>> provide?
>
> You should consider this to remove all security of SSH, and any other
> program that uses the dev random pool. It isn't quite...
Re: Ubuntu/Debian vulnerability impact?         


Author: Mark Wooding
Date: May 14, 2008 07:41

Ignoramus12901 wrote:
> What do you mean, "remove all security of SSH".
>
> Do you mean that this mistake fully undermined SSH security?

Very nearly.

* If you generated your private key with a broken version of
  ssh-keygen then you lose. The attacker can work out your private
  key easily and impersonate you to everyone.

* Worse, if you authenticated yourself to anyone using a DSA key using
  a broken ssh client, then you lose. The attacker can recover your
  private key, and impersonate you as before. This happens regardless
  of when the DSA key was generated.

* If your server generated its key with a broken version of ssh-keygen
  then you lose. The attacker can impersonate the server and use this
  to collect passwords you type in, persuade you to believe in lies or
  whatever.
Re: Ubuntu/Debian vulnerability impact?         


Author: Ignoramus12901
Date: May 14, 2008 08:10

Mark, thanks a lot for a finally, very detailed reply leaving no
questions unanswered. I worked hard last night to upgrade all machines
that are on or near internet and replaced all vulnerable keys.

Do you know if there are any known exploit scripts written to exploit
this vulnerability?

I wrote this shell script to check for keys:

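#!/bin/bash
# Check SSH public keys and authorized_keys files for weak keys with dowkd.pl.
# "myuserid" stands for a local account name.

dir=~myuserid/tmp

# Working directory for the checker.
test -d "$dir" || mkdir "$dir"
chmod 711 "$dir"

# Fetch and unpack dowkd.pl once (plain-HTTP download, not authenticated).
test -e "$dir/dowkd.pl" || (cd "$dir" && wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz && gunzip dowkd.pl.gz && chmod 755 dowkd.pl)

chown myuserid "$dir"

# Check root's and every user's keys; prefix each result line with the host name.
perl "$dir/dowkd.pl" file {/root,/home/*}/.ssh/{*.pub,authorized_keys} | sed "s/^/$(hostname):/"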
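The kind of check the script in the last post delegates to dowkd.pl, sketched as an added example that is not part of the thread and not dowkd.pl's own code: parse authorized_keys or .pub lines, fingerprint each key blob, and compare against a blocklist. The function names are hypothetical, the blocklist format (a set of full MD5 hex fingerprints) is an assumption, and the sample keys are constructed placeholders.

```python
import base64, binascii, hashlib
KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # the RSA and DSA key types discussed in the thread

def parse_key_line(line):
    """Return (key_type, blob) for an authorized_keys/.pub line, or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    # An options field may precede the key type, so scan for the type token.
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        # The blob begins with a length-prefixed copy of the key type.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == field.encode():
            return field, blob
    return None

def md5_fingerprint(blob):  # hex MD5 of the decoded key blob, no colons
    return hashlib.md5(blob).hexdigest()

def audit(lines, blocklist):
    """Return [(line_no, key_type, fingerprint)] for keys on the blocklist."""
    hits = []
    for no, line in enumerate(lines, 1):
        parsed = parse_key_line(line)
        if parsed and md5_fingerprint(parsed[1]) in blocklist:
            hits.append((no, parsed[0], md5_fingerprint(parsed[1])))
    return hits

def _blob(key_type, body):  # constructed sample framing, not a real key
    return len(key_type).to_bytes(4, "big") + key_type.encode() + body

WEAK = _blob("ssh-rsa", b"constructed-weak-key")
OTHER = _blob("ssh-dss", b"constructed-other-key")
BLOCKLIST = {md5_fingerprint(WEAK)}  # assumed format: full MD5 hex fingerprints
SAMPLE = [  # constructed authorized_keys content
    "# keys for the build host",
    "ssh-dss " + base64.b64encode(OTHER).decode() + " alice@example",
    'command="/bin/true",no-pty ssh-rsa ' + base64.b64encode(WEAK).decode() + " bob@example",
    "ssh-rsa not-base64!! carol@example",
]

if __name__ == "__main__":
    print(audit(SAMPLE, BLOCKLIST))
```

A blocklist match only covers keys generated on an affected system; as the thread notes, a DSA key that was merely used from an affected client is also exposed and will not show up in a check like this.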