OpenSSH Vulnerabilities

It seems that public key authentication isn't as save as you might have thought. That is if you're using a Debian based OpenSSH solution. This package can be found in many Linux distributions like;

  • Debian (duh ;) )
  • Ubuntu
  • Kubuntu
  • etc.

The problem is that the random number generator (which is of vital importance in generating key-pairs) isn't as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first you must do is update your OpenSSH software, and generate new keypairs for all devices / users which might have keys which were generated with the vulnerable OpenSSH software. Softwarepackages depending on OpenSSH are;

  • OpenVPN
  • DNSSEC
  • OpenSSH
  • Certificates used in TLS connections
  • etc.

More info on the subject can be found here [1, 2, 3].

Posted on May 20, 2008 and filed under Linux, News, Security, Software.