Impact of the Debian OpenSSL Vulnerability On other Linux Distribution

by on June 23, 2008 · 1 comment· LAST UPDATED June 23, 2008

in , ,

There was random number generator vulnerability in Debian OpenSSL package and similar packages in derived distributions such as Ubuntu / others. Many of our regular readers would like to know:

Can bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?

Short answer, yes.

All keys generated using Debian OpenSSL package must be replaced on other system including FreeBSD / CentOS / RHEL etc as all keys considered as compromized. OpenSSL, OpenSSH and OpenVPN are badly effected. For example, if you use OpenSSH key to get into other Linux / UNIX servers and if key-pair is generated with a vulnerable OpenSSL library, you are at the risk as the key can be reproduced easily.

Bottom, line you need to update keys on other boxes too.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 1 comment… read it below or add one }

1 Balakrishnan December 22, 2010 at 1:11 pm

1.Medium issue :- SSL Cookie not used(4720)
2.SSLv3/TLS Renogotiation Stream Injection

Can anyone tell me how this vulnerability happens…..
Can anyone suggest any open source scanning device which shows these type of vulnerabilities?

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , ,

Previous post:

Next post: