Recent Debian private key generation vulnerability

Predictable RSA and DSA key generation vulnerabilities were recently discovered in Debian OpenSSL packages[1][2]. As many Linux distributions are derived from Debian, such as the popular Ubuntu, Knoppix and Kubuntu distributions, there are now a significant number of vulnerable RSA and DSA private keys in circulation.

SSH keys generated on Debian distros have these vulnerabilities too. This will affect SSH system administrators and users. These users should refer to available advice[3]. The rest of this advisory will focus on key and X509 certificate implications.

Description:

Users and system administrators generate RSA and DSA keys for a large number of applications[4]. Those who have OpenSSL, or any of the many applications that use OpenSSL libraries, on vulnerable platforms are affected. Systems that allow remote access on the basis of a user-provided vulnerable public key may also be at risk of unauthorized access.

How is CAcert affected?

Luckily, the CAcert Root Class 1 and 3 keys are not affected, as these were generated before the vulnerability was introduced into Debian[3] in September 2006. The process that signs CSRs (certificate signing requests), and therefore all signed public keys, does not use any key generation, so the signing done by CAcert does not affect them. Conclusion: CAcert does NOT have to reissue every signed certificate.

But if you generated a new certificate later than August 2006 and used OpenSSL on a Debian system, please read on. First we explain what actions CAcert has undertaken to recover from this vulnerability event. If you used Debian, this may help you as well.

CAcert uses Debian as its OS, so CAcert's internal systems were affected: they generated predictable RSA and DSA keys for internal use, e.g. ssh authorized_keys for remote system administration. As SSH access is restricted to only a few statically configured IP addresses, this posed only a very low risk.

The server certificates of servers like https://www.cacert.org and https://secure.cacert.org were affected by a poor key. CAcert has replaced those keys.

How can servers and clients be affected and what should you do now?

Please refer to our Debian Vulnerability Handling wiki page.
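
The following is an added example, not part of the original advisory or CAcert's tooling: one way to check RSA moduli against a list of known weak keys. It assumes the fingerprint convention of Debian's openssl-blacklist tooling (the last 20 hex digits of SHA-1 over the `Modulus=...` line that `openssl rsa -noout -modulus` prints); the key names, moduli and blacklist entries are constructed.

```python
import hashlib

def blacklist_fingerprint(modulus: int) -> str:
    """Fingerprint of an RSA modulus in the assumed openssl-blacklist form."""
    # Assumption: SHA-1 over the exact line `openssl rsa -noout -modulus`
    # prints ("Modulus=<uppercase hex>\n"), keeping the last 20 hex digits.
    line = "Modulus={:X}\n".format(modulus).encode("ascii")
    return hashlib.sha1(line).hexdigest()[20:]

def load_blacklist(text: str) -> set:
    """Parse blacklist text: one 20-hex-digit entry per line, '#' comments."""
    entries = set()
    for raw in text.splitlines():
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue
        if len(entry) != 20 or any(c not in "0123456789abcdef" for c in entry):
            raise ValueError("malformed blacklist entry: %r" % raw)
        entries.add(entry)
    return entries

def find_weak_keys(keys: dict, blacklist: set) -> list:
    """Return the names of keys whose modulus fingerprint is blacklisted."""
    return sorted(name for name, n in keys.items()
                  if blacklist_fingerprint(n) in blacklist)

# Constructed sample data: toy moduli, far too small to be real keys.
SAMPLE_KEYS = {
    "www.example.org": 0xC5A1F3B7,
    "mail.example.org": 0xD2E4A691,
}
# Constructed blacklist holding the fingerprint of the first sample key.
SAMPLE_BLACKLIST = "# constructed blacklist\n{}\n".format(
    blacklist_fingerprint(SAMPLE_KEYS["www.example.org"]))

if __name__ == "__main__":
    weak = find_weak_keys(SAMPLE_KEYS, load_blacklist(SAMPLE_BLACKLIST))
    for name in SAMPLE_KEYS:
        print(name, "REPLACE KEY" if name in weak else "not listed")
```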

Daniel Black, system administrator for CAcert

[1] http://www.debian.org/security/2008/dsa-1571 Debian Security Advisory
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0166
[3] http://www.debian.org/security/key-rollover/
[4] http://wiki.cacert.org/wiki/DebianVulnerabilityHandling
