Impact of the Debian OpenSSL Vulnerability on Other Linux Distributions

Last updated June 23, 2008

There was a random number generator vulnerability in the Debian OpenSSL package and in similar packages in derived distributions such as Ubuntu and others. Many of our regular readers would like to know:

Can the bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?

Short answer, yes.

All keys generated using the Debian OpenSSL package must be replaced on other systems too, including FreeBSD / CentOS / RHEL etc., because all such keys are considered compromised. OpenSSL, OpenSSH and OpenVPN are badly affected. For example, if you use an OpenSSH key to get into other Linux / UNIX servers and the key pair was generated with a vulnerable OpenSSL library, you are at risk, as the key can be reproduced easily.

Bottom line, you need to update keys on other boxes too.
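One way to audit an `authorized_keys` file on a non-Debian host for keys that were generated on a vulnerable Debian system, as an added example that is not part of the original post. It assumes you already have a list of MD5 fingerprints of known-weak keys; the function names, the sample file and the `WEAK` set are all constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types OpenSSH supported in 2008

def md5_fingerprint(b64_blob):
    """Return the 32-hex-digit MD5 fingerprint of a base64 public-key blob."""
    return hashlib.md5(base64.b64decode(b64_blob, validate=True)).hexdigest()

def parse_authorized_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each usable key line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." may precede the key type, so search for it.
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                try:
                    fp = md5_fingerprint(fields[i + 1])
                except ValueError:
                    break  # malformed base64 blob: skip this line
                yield line_no, field, fp, " ".join(fields[i + 2:])
                break

def find_weak_keys(text, weak_fingerprints):
    """Return the entries whose fingerprint is in the supplied weak-key list."""
    weak = {f.replace(":", "").lower() for f in weak_fingerprints}
    return [entry for entry in parse_authorized_keys(text) if entry[2] in weak]

# Constructed sample: the blobs are placeholder bytes, not real keys.
_BLOB_A = base64.b64encode(b"constructed-blob-A").decode()
_BLOB_B = base64.b64encode(b"constructed-blob-B").decode()
SAMPLE = (
    "# constructed authorized_keys file\n"
    f"ssh-rsa {_BLOB_A} admin@workstation\n"
    f'from="10.0.0.5" ssh-dss {_BLOB_B} backup@debian-box\n'
)
# Constructed weak-key list; a real one would come from your vendor's advisory.
WEAK = {hashlib.md5(b"constructed-blob-B").hexdigest()}

if __name__ == "__main__":
    for line_no, ktype, fp, comment in find_weak_keys(SAMPLE, WEAK):
        print(f"line {line_no}: {ktype} {fp} ({comment}) must be replaced")
```

Any entry it reports should be removed from `authorized_keys` and the owner asked to generate a new key pair on a patched system.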

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector.

1 comment

  1. 1. Medium issue: SSL Cookie not used (4720)
    2. SSLv3/TLS Renegotiation Stream Injection

    Can anyone tell me how this vulnerability happens?
    Can anyone suggest any open source scanning device which shows these types of vulnerabilities?
