Warning: gigantic foulup in key generation in at least Debian, affects OpenSSL and OpenSSH

Discretion is not the better part of
Donator V3.0
Malor's picture
Location: Perpetually suspended

Debian screwed up bigtime. You can read about it here. (lwn.net is normally a pay service; this is a free link to try to encourage you to subscribe. Very much worth doing so if you are a Linux person.)

Short form: due to miscommunication with the OpenSSL team, the Debian maintainers removed two lines from the OpenSSL library that used uninitialized memory. This fixed a bug, but it also very very very badly constrained the keyspace of generated certificates and keys. This means that virtually any key or certificate you have generated on Debian for quite a long time (maybe as long as two years?) is not secure, and needs to be replaced AT ONCE. Pronto. Chop-chop.

Massive pain. Massive disruption. This is really bad. If you're a Linux admin, you've got a busy day or two ahead.

Consultant
deftly's picture
Location: Apex, NC

It's only keys in the Etch release and those derived from it (Ubuntu 7.04, 7.10, 8.04, probably some versions of KNOPPIX, and more). If you have keys generated from an older release, they should be fine.

This includes a lot more than people might think. For example, if you have SSL websites running on Debian-based servers, you may need new SSL certs. Most certificate authorities will re-sign your SSL keys for free.

Details: http://metasploit.com/users/hdm/tools/debian-openssl/

List of standard applications in Debian that would need their keys regenerated: http://wiki.debian.org/SSLkeys

Weak key detection script for SSL and SSH here: http://security.debian.org/project/extra/dowkd/dowkd.pl.gz

Office Linebacker
pneuman's picture
Location: Melbourne, Australia

I went through all of my Debian boxes yesterday installing the OpenSSH updates that address some of the fallout from this, and as annoying as the whole thing is, I have to say they've done a pretty good job of handling it. Most of my servers were fine, since they were installed pre-Etch, but on my shiny new virtual machines it was very easy to generate new keys, and it was also very easy using the ssh-vulnkey system to scan the system for vulnerable user keys.

I'm just going through the rest of the things that might need fixing up now -- it looks like I'll have to re-issue a few OpenVPN certs, and get one of my SSL certs re-generated, though thankfully the keys for the others were all generated pre-Etch as well. Also thankfully, certificates generated by my own CA (which is a bunch of Python code wrapping OpenSSL) seem to be immune, presumably because the Python wrapper for OpenSSL seeds things properly itself.
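The dowkd.pl script linked above and the ssh-vulnkey tool mentioned here both work the same way: because the damaged generator could only produce a small, enumerable set of keys, every one of them can be pre-computed and published as a blacklist, and a scanner just fingerprints each key in authorized_keys and looks it up. The following is an added illustration of that scan written for this thread, not Debian's tooling and not the openssh-blacklist format; it assumes a blacklist keyed on the hex SHA-256 of the raw key blob, and the sample keys and moduli are constructed for the example and are not real keys.

```python
import base64
import hashlib
import struct

# Key types handled; the SSH wire format for all of them starts with the type name.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def ssh_string(data):
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """RFC 4251 'mpint' for a non-negative integer: minimal two's-complement bytes."""
    nbytes = (value.bit_length() + 8) // 8   # one extra zero byte when the top bit is set
    return ssh_string(value.to_bytes(nbytes, "big"))

def make_rsa_blob(e, n):
    """Build the wire-format public key blob that an ssh-rsa authorized_keys entry encodes."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def key_line(keytype, blob, comment=""):
    """Render an authorized_keys line: '<type> <base64 blob> <comment>'."""
    return ("%s %s %s" % (keytype, base64.b64encode(blob).decode(), comment)).rstrip()

def fingerprint(blob):
    """Hex SHA-256 of the raw blob (assumed blacklist key for this example)."""
    return hashlib.sha256(blob).hexdigest()

def parse_key_line(line):
    """Return (keytype, blob, comment) for one authorized_keys line, or None for blanks/comments.
    Raises ValueError if the base64 blob does not embed the declared key type."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    # An options field may precede the type ('no-pty,command="..." ssh-rsa AAAA...'); splitting
    # on whitespace may break a quoted option apart, but the type token still stands alone.
    for i, tok in enumerate(fields):
        if tok in KEY_TYPES and i + 1 < len(fields):
            blob = base64.b64decode(fields[i + 1], validate=True)
            if len(blob) < 4:
                raise ValueError("truncated key blob")
            (tlen,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + tlen] != tok.encode():
                raise ValueError("declared type %s does not match blob" % tok)
            return tok, blob, " ".join(fields[i + 2:])
    raise ValueError("no recognised key on line")

def scan_authorized_keys(text, blacklist):
    """Check every key in an authorized_keys body; returns [(line_no, keytype, comment, is_weak)]."""
    results = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parsed = parse_key_line(line)
        if parsed is None:
            continue
        keytype, blob, comment = parsed
        results.append((line_no, keytype, comment, fingerprint(blob) in blacklist))
    return results

# Constructed sample data: tiny moduli, not real keys. WEAK_BLOB stands in for a key that a
# blacklist of enumerated Debian-era keys would contain.
WEAK_BLOB = make_rsa_blob(65537, 0xC0FFEE0123456789)
GOOD_BLOB = make_rsa_blob(65537, 0xDEADBEEF0BADF00D)
BLACKLIST = {fingerprint(WEAK_BLOB)}
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy keys (constructed sample)",
    key_line("ssh-rsa", GOOD_BLOB, "alice@laptop"),
    'no-pty,command="/usr/bin/rsync --server" ' + key_line("ssh-rsa", WEAK_BLOB, "backup@etch-box"),
])

if __name__ == "__main__":
    for line_no, keytype, comment, weak in scan_authorized_keys(SAMPLE_AUTHORIZED_KEYS, BLACKLIST):
        print("line %d %-8s %-20s %s" % (line_no, keytype, comment,
                                         "WEAK - replace" if weak else "ok"))
```

The type check against the blob matters for a real scan: a line whose declared type and embedded type disagree would never authenticate anyway, but a scanner that trusts the declared type would hash it under the wrong blacklist and report a false "ok". A weak hit means the whole key pair must be regenerated; removing the one authorized_keys line only covers that account.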

Aggie Otaku
Donator
kilroy0097's picture
Location: Bryan/College Station, TX

Looks like I'm good. Only had one weak key which I replaced. Good to go. Nice perl script.

Alternatively, you can go to http://www.debian.org/security/ and read both the openssh and openssl links; they also describe methods to check whether you are blacklisted or otherwise OK. Yes, I was pointing out the obvious to most Debian/Ubuntu superusers out there.

Prederick wrote:

"Hulk think you overcompensating for tiny man bits. You know why Hulk always wear pants? Because Hulk HUGE."

"When fascism comes to America it will be wrapped in a flag and carrying a cross." - Sinclair Lewis.

Fists of Furry
Donator V2.0
mateo's picture
Location: The world is a mess, and I just need to rule it.

Malor wrote:
Massive pain. Massive disruption. This is really bad. If you're a Linux admin, you've got a busy day or two ahead.

The good part about all of this is how quickly a fix was in place after the problem was noticed.

Discretion is not the better part of
Donator V3.0
Malor's picture
Location: Perpetually suspended

Quote:
The good part about all of this is how quickly a fix was in place after the problem was noticed.

Even that was screwed up. The checkin that fixed the patch happened seven days before the rest of the world was notified... people only started to notice the problem when they saw a massive increase in brute-force SSH attempts.

This was entirely mishandled, top to bottom. It's a disaster in every respect.