Impact of the Debian OpenSSL Vulnerability on Other Linux Distributions

There was a random number generator vulnerability in the Debian OpenSSL package and in similar packages in derived distributions such as Ubuntu and others. Many of our regular readers would like to know:

Can the bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?

Short answer, yes.

All keys generated using the Debian OpenSSL package must be replaced on other systems, including FreeBSD / CentOS / RHEL etc., as all such keys are considered compromised. OpenSSL, OpenSSH and OpenVPN are badly affected. For example, if you use an OpenSSH key to get into other Linux / UNIX servers and the key pair was generated with a vulnerable OpenSSL library, you are at risk, as the key can be reproduced easily.

Bottom line: you need to update keys on other boxes too.
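One way to run that check on a non-Debian server, as an added example that is not from the original post: the Python below hashes each key in authorized_keys text to its MD5 fingerprint and flags any that appear on a list of known-weak fingerprints. The function names, the sample keys (constructed blobs, not real keys) and the weak list are assumptions; a real list has to come from a source you trust.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types handled by this example

def key_blob(tokens):
    """Find the key in a split authorized_keys line (options may precede it).
    A valid blob starts with a length-prefixed copy of its key type."""
    for ktype, b64 in zip(tokens, tokens[1:]):
        if ktype not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            continue
        name = ktype.encode()
        if blob[:4 + len(name)] == struct.pack(">I", len(name)) + name:
            return ktype, blob
    return None

def audit(authorized_keys_text, weak_fingerprints):
    """Return [(line_no, key_type, md5_hex)] for keys on the weak list."""
    weak = [w.strip().lower().replace(":", "") for w in weak_fingerprints if w.strip()]
    hits = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        found = key_blob(line.split())
        if found is None or line.lstrip().startswith("#"):
            continue
        fp = hashlib.md5(found[1]).hexdigest()
        # Entries may be full 32-hex fingerprints or shorter trailing fragments.
        if any(fp.endswith(w) for w in weak):
            hits.append((no, found[0], fp))
    return hits

def _fake_key(body):
    """Constructed ssh-rsa blob with a valid header; not a real key."""
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + body).decode()

# Constructed sample: line 2 stands in for a key made on an affected Debian host.
SAMPLE = "\n".join([
    "# authorized_keys on a CentOS server",
    'command="/usr/bin/rsync --server" ssh-rsa %s backup@debian-box' % _fake_key(b"\x01" * 64),
    "ssh-rsa %s admin@centos-box" % _fake_key(b"\x02" * 64),
])
# Constructed weak list: trailing 20 hex digits of the stand-in key's fingerprint.
WEAK = [hashlib.md5(base64.b64decode(_fake_key(b"\x01" * 64))).hexdigest()[12:]]

if __name__ == "__main__":
    print(audit(SAMPLE, WEAK))
```

Every key the audit reports should be removed from the file and replaced with one generated on a host with a fixed OpenSSL package.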


  • Balakrishnan December 22, 2010, 1:11 pm

    1. Medium issue :- SSL Cookie not used (4720)
    2. SSLv3/TLS Renegotiation Stream Injection

    Can anyone tell me how this vulnerability happens?
    Can anyone suggest any open source scanning device which shows these type of vulnerabilities?
