Debian OpenSSL包裏的算法有問題,random number生成居然是在process pid裏選取,導致生成key可窮舉
以下摘自metasploit的blog
The Bug
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c
MD_Update(&m,buf,j);
[ .. ]
MD_Update(&m,buf,j); /* purify complains */
These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only “random” value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.
所有在2006.9月到2008.5.13的debian平臺上生成的key均受影響。 debian很快修復了此漏洞,並給出了blacklists和自查工具。
攻擊工具應該很快會出現,metasploit已經生成了key的數據庫,可以用類似rainbow的方法去查詢,也可以直接暴力破解ssh key。
現在就等worm什麼時候出現了。
因爲這個漏洞比較嚴重,所以特此記錄,立此存照。
相關鏈接:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://metasploit.com/users/hdm/tools/debian-openssl/
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61666
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61606
http://www.debian.org/security/2008/dsa-1571
Debian災難性漏洞
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
Debian -9.2 安裝 注意
全力A以赴
2019-02-23 00:15:46
Debian 修改網卡IP地址
longjianghu
2019-02-22 23:18:02
申請Windows2008R2學生key
hz022
2019-02-23 13:00:45
python字典排序
ok庫
2019-02-22 23:59:18
scp通過key後臺執行命令
lpwlpw123
2019-02-22 23:52:31
類型混淆漏洞實例淺析
4DOGS
2019-02-23 00:37:58
又一次redis被刪庫跑路,索要0.6比特幣
冷暖己知
2019-02-23 00:29:40
Redis 未授權訪問漏洞
wx5aab467ca1d27
2019-02-23 00:12:27
Windows2000漏洞集錦
dream_sky11
2019-02-22 23:52:49
【轉】apache近期ddos漏洞解法
sharkyan
2019-02-22 23:51:38
LINUX系統中關於wunderbar_emporium.sh腳本系統漏洞的問題.
feng9422
2019-02-22 23:37:43
SQL 注入天書 - ASP 注入漏洞全接觸
piaolang
2019-02-22 23:07:41
那些年幹過的事(二)—成績查詢網站爆庫及防護
JamFang
2019-02-22 22:51:15
微軟緊急發佈針對IE的0Day漏洞非常規補丁 MS08-078(KB960714)
xhl7891
2019-02-22 22:30:56