2008/05/14

Debian/Ubuntu DSA-1571-1 openssl -- predictable random number generator

http://www.debian.org/security/2008/dsa-1571

Debian 上的 OpenSSL random number generator 可被預測,將造成 SSL 與 SSH 的金鑰可能被破解。此漏洞也會影響源自 Debian 的 Ubuntu。

Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.

No comments:

Post a Comment