Impact of the Debian OpenSSL Vulnerability on Other Linux Distributions
There was a random number generator vulnerability in the Debian OpenSSL package and in similar packages in derived distributions such as Ubuntu and others. Many of our regular readers would like to know:
Can the bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?
Short answer, yes.
All keys generated using the Debian OpenSSL package must be replaced on other systems too, including FreeBSD / CentOS / RHEL etc., as all such keys are considered compromised. OpenSSL, OpenSSH and OpenVPN are badly affected. For example, if you use an OpenSSH key to get into other Linux / UNIX servers and the key pair was generated with a vulnerable OpenSSL library, you are at risk, as the key can be reproduced easily.
Bottom line: you need to update keys on other boxes too.
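One way to find such keys on a non-Debian server is to fingerprint every entry in an `authorized_keys` file and compare it with a blacklist of known weak fingerprints. The script below is an added example, not code from the original article; the function names, the sample key blobs and the blacklist contents are constructed for illustration, and the blacklist format (one hex MD5 fingerprint per line, optionally with the first 12 hex digits dropped) is an assumption.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA public key lines

def md5_fingerprint(b64_blob):
    """Legacy OpenSSH fingerprint: MD5 of the decoded key blob, hex without colons."""
    return hashlib.md5(base64.b64decode(b64_blob)).hexdigest()

def parse_keys(text):
    """Yield (line_no, type, blob, comment); a leading options field is skipped."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                yield n, field, fields[i + 1], " ".join(fields[i + 2:])
                break

def load_blacklist(text):
    """One hex fingerprint per line; colons and case are normalised."""
    lines = (l.strip().lower().replace(":", "") for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def audit(authorized_keys_text, blacklist):
    """Return [(line_no, type, fingerprint, comment)] for keys on the blacklist."""
    hits = []
    for n, ktype, blob, comment in parse_keys(authorized_keys_text):
        try:
            fp = md5_fingerprint(blob)
        except ValueError:  # malformed base64: not a usable key line
            continue
        # Assumption: entries are full fingerprints or the fingerprint with its
        # first 12 hex digits dropped (the layout of Debian's openssh-blacklist).
        if fp in blacklist or fp[12:] in blacklist:
            hits.append((n, ktype, fp, comment))
    return hits

# Constructed sample data: these blobs are placeholders, not real keys.
WEAK = base64.b64encode(b"constructed-weak-key").decode()
GOOD = base64.b64encode(b"constructed-good-key").decode()
SAMPLE_KEYS = f"""# constructed authorized_keys
ssh-rsa {WEAK} admin@debian-laptop
from="10.0.0.5" ssh-rsa {GOOD} backup@centos-box
"""
SAMPLE_BLACKLIST = md5_fingerprint(WEAK)[12:] + "\n"

if __name__ == "__main__":
    for n, ktype, fp, comment in audit(SAMPLE_KEYS, load_blacklist(SAMPLE_BLACKLIST)):
        print(f"line {n}: {ktype} {fp} ({comment}) is blacklisted, replace it")
```

On a real host, pass the contents of each user's `authorized_keys` file and a blacklist from a source you trust; any line reported should be removed and the key pair regenerated on a patched system.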
Tags: CentOS, cve-2008-0166, debian, FreeBSD, Linux, Linux distribution, openssl, openssl library, openssl package, random number generator, rhel, ubuntu, UNIX


