


Category:   Application (VPN)  >   OpenSSL Vendors:
OpenSSL for Debian/Ubuntu Predictable RNG Lets Remote Users Determine Cryptographic Keys
SecurityTracker Alert ID:  1020017
SecurityTracker URL:
CVE Reference:   CVE-2008-0166
Updated:  May 13 2008
Original Entry Date:  May 13 2008
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Debian 0.9.8c-1 and later, up to 0.9.8c-4etch3 (stable) and 0.9.8g-9 (unstable)
Description:   A vulnerability was reported in OpenSSL on Debian and Ubuntu Linux. A remote user can determine keys.

The OpenSSL random number generator creates keys in a predictable manner. A remote user can conduct guessing attacks to determine cryptographic keys.

Systems based on Debian Linux are affected, including Ubuntu Linux.

Any cryptographic key generated with the affected OpenSSL versions may be affected, including SSH keys, OpenVPN keys, DNSSEC keys, keys used in X.509 certificates, and session keys used in SSL/TLS connections.

GnuPG and GnuTLS keys are not affected.

Luciano Bello reported this vulnerability.

Impact:   A remote user can determine keys.
Solution:   Fixes are available for Debian and Ubuntu. Keys should be regenerated.

The Debian advisory is available at:

The Ubuntu advisories are available at:

Cause:   Randomization error
Underlying OS:  Linux (Debian), Linux (Ubuntu)
Underlying OS Comments:  Debian-based systems only

Message History:   This archive entry has one or more follow-up message(s) listed below.
May 22 2008 (Asterisk Issues Advisory) OpenSSL for Debian/Ubuntu Predictable RNG Lets Remote Users Determine Cryptographic Keys
Asterisk has issued an advisory warning that keys generated using 'astgenkey' on Debian-based systems may be compromised.
