There was random number generator vulnerability in Debian OpenSSL package and similar packages in derived distributions such as Ubuntu / others. Many of our regular readers would like to know:
Can bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?
Short answer, yes.
All keys generated using Debian OpenSSL package must be replaced on other system including FreeBSD / CentOS / RHEL etc as all keys considered as compromized. OpenSSL, OpenSSH and OpenVPN are badly effected. For example, if you use OpenSSH key to get into other Linux / UNIX servers and if key-pair is generated with a vulnerable OpenSSL library, you are at the risk as the key can be reproduced easily.
Bottom, line you need to update keys on other boxes too.
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!
{ 1 comment… read it below or add one }
1.Medium issue :- SSL Cookie not used(4720)
2.SSLv3/TLS Renogotiation Stream Injection
Can anyone tell me how this vulnerability happens…..
Can anyone suggest any open source scanning device which shows these type of vulnerabilities?