OpenSSL flaw in Debian Linux discovered

May 14, 2008 // 12:11 p.m.

Tags: #crackers #cryptography #debian #flaw #keys #linux #openssl #random #rng #security

If you're a Linux user sitting content in the knowledge that your open-source operating system is free from the security issues that plague other operating systems then you might want to double-check your system before breaking out the smug grin, as the Debian team has highlighted a rather embarrassing flaw in their Linux distribution.

The Debian distribution – upon which popular desktop Linux distributions including Ubuntu, Kubuntu, and Damn Small Linux are built – has been distributing a version of the OpenSSL encryption package with a random number generator that turns out not be quite as random as you might like.

Computer encryption relies on the generation of pseudo-random numbers. While a truly random number generator isn't possible without recourse to an external source of entropy, by salting the RNG with user-provided input such as a recent keystrokes, mouse usage and network traffic data it's possible to get darn close. If the random number generator produces a predictable output, an attacker can decrypt supposedly secure data by simply working out what numbers were fed to the encryption algorithm.

The issue stems from a bug fix to the OpenSSL package, which was first introduced back in 2006 in version 0.9.8c-1. This version, and all subsequent versions, rely on a random number generator which produces guessable results – a big no-no for cryptography purposes. Debian-based systems that use the Secure SHell (SSH), OpenVPN, DNSSEC, and users of X.509 certificates that have been generated on such systems are compromised by the flaw, as are DSA signing keys as used by the GNU Privacy Guard package.

The flaw in the OpenSSL package is specific to the version distributed with Debian and Debian-based Linux distributions – other versions including Fedora, Slackware, and Gentoo and their variants are not affected.

The issue, along with a few other flaws, is resolved in the latest version of the Debian OpenSSL implementation, 0.9.8c-4etch3. If you're running a vulnerable version – and I know I am – then it would be a very good idea to upgrade now, and regenerate cryptographic keys once you've got it installed.

Any Windows users want to point and laugh now the shoe is on the other foot, or perhaps you're an AIX user shaking your head at the antics of these Johnny-come-latelys? Share your thoughts over in the forums.