A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). This vulnerability caused OpenSSL to generate weak keys for anything relying on OpenSSL, including SSL certificates, OpenSSH keys, and OpenVPN keys.

(...)
Read the rest of Fix for weak OpenSSL/OpenSSH keys in Debian (337 words)

Add to del.icio.us

Search blogs linking this post with Technorati

Want more on these topics ? Browse the archive of posts filed under Security.

---
Related Articles at Debian Admin:

Howto perform UDP tunneling through SSH connection

How to add a Disclaimer To Outgoing Emails in Postfix

Howto Crack Rar, 7z, and zip files in Linux

sshpass - Non-interactive ssh password authentication

How to filter spam with Spamassassin and Postfix in Debian

autossh - Automatically restart SSH sessions and tunnels

Debian: Debian Admin Step By Step Tutorials and articles with screenshots

Security Debian openssl openssh fix for weak

Fix for OpenSSL/SSH/VPN Vulnerability in Ubuntu 7.04/7.10/8.04

Tuesday, May 20, 2008

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.You can check Ubuntu security notice from here

(...)
Read the rest of Fix for OpenSSL/SSH/VPN Vulnerability in Ubuntu 7.04/7.10/8.04 (303 words)

© admin for Ubuntu Geek, 2008. | Permalink | 5 comments | Add to del.icio.us digg
Who's linking ? Technorati BlogPulse Google
Want more on these topics ? Browse the archive of posts filed under Security, Server.