Debian灾难性漏洞
2008-05-19 20:15
1351 查看
以下摘自metasploit的blog
The Bug
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c
MD_Update(&m,buf,j);
[ .. ]
MD_Update(&m,buf,j); /* purify complains */
These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only “random” value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.
所有在2006.9月到2008.5.13的debian平台上生成的key均受影响。 debian很快修复了此漏洞,并给出了blacklists和自查工具。
攻击工具应该很快会出现,metasploit已经生成了key的数据库,可以用类似rainbow的方法去查询,也可以直接暴力破解ssh key。
现在就等worm什么时候出现了。
因为这个漏洞比较严重,所以特此记录,立此存照。
相关链接:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://metasploit.com/users/hdm/tools/debian-openssl/
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61666
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61606
http://www.debian.org/security/2008/dsa-1571
The Bug
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c
MD_Update(&m,buf,j);
[ .. ]
MD_Update(&m,buf,j); /* purify complains */
These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only “random” value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.
所有在2006.9月到2008.5.13的debian平台上生成的key均受影响。 debian很快修复了此漏洞,并给出了blacklists和自查工具。
攻击工具应该很快会出现,metasploit已经生成了key的数据库,可以用类似rainbow的方法去查询,也可以直接暴力破解ssh key。
现在就等worm什么时候出现了。
因为这个漏洞比较严重,所以特此记录,立此存照。
相关链接:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
http://metasploit.com/users/hdm/tools/debian-openssl/
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61666
http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61606
http://www.debian.org/security/2008/dsa-1571
相关文章推荐
- Debian GNU/Linux 9 “Stretch”获取新内核补丁,修复CVE-2018-15471和CVE-2018-18021漏洞
- USB接口爆灾难性安全漏洞,影响全球数十亿设备
- zabbix版本升级3.0.4 修复mysql漏洞(debian7)
- Debian GNU/Linux 9 “Stretch”为L1 Terminal Fault 漏洞发布新内核
- Debian7离线升级bash漏洞—再修复方法
- Linux爆本地提权漏洞请更新udev程序(Debian ubuntu 测试通过,Centos5.3失败,FC10测试成功)
- Flash漏洞 推荐
- Fckeditor漏洞利用总结
- 6月第5周安全回顾 Web应用安全受关注 微软IE新漏洞 推荐
- Bash安全漏洞――通过专门制作的环境变量注入漏洞
- Sql语句密码验证的安全漏洞
- Bash软件安全漏洞检测及解决方案
- 百度最新跨站漏洞
- Bash 远程任意代码执行安全漏洞(最严重漏洞)
- 网站中SQL注入脚本漏洞的挖掘与防护
- linux bash漏洞新消息
- QQ Mail跨站脚本漏洞
- CVE-2014-6271: BASH 漏洞记录
- 域名系统发现严重漏洞,影响客户访问网页
- 漏洞列表网站