Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debian Bug Leaves Private SSL/SSH Keys Guessable

Posted by timothy on from the security-is-a-process dept.

SecurityBob writes "Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turns makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu." Reader RichiH also points to Debian's announcement and Ubuntu's announcement.

19 of 670 comments (clear)

  1. stupid stupid stupid by spikedvodka · · Score: 5, Insightful

    Who did this? You don't remove the seeding... stupid

    did I mention stupid?

    this is how some of the old video games were "broken" despite using "random" numbers, the seed was always the same... leading to the same sequence of events

    --
    I will not give in to the terrorists. I will not become fearful.
    1. Re:stupid stupid stupid by Omnifarious · · Score: 4, Insightful

      Who did this? You don't remove the seeding... stupid

      That's what I was thinking too. What kind of idiot makes that sort of change?

      --
      Need a Python, C++, Unix, Linux develop
    2. Re:stupid stupid stupid by Anonymous Coward · · Score: 5, Insightful

      Lesson#1: It's best to not change code you do not understand without getting it reviewed by people who (are supposed to) understand the code.

      Lesson#2: If you write code that deliberately does weird things like wanting to read unitialised memory, PUT A COMMENT so that people other than you have a fighting chance with your code.

  2. The big question is.. by Idaho · · Score: 4, Insightful

    whether this can possibly be claimed to be an accident *dons tinfoil hat*.

    But seriously, removing the code that seeds a random number generator? I can hardly imagine making such a change by accident. I may just lack a sufficiently colorful imagination, though.

    (or, before resorting to conspiracy theories, we should probably ask ourselves first, "can this possibly be explained by simple stupidity?"

    --
    Every expression is true, for a given value of 'true'
  3. Re:It will be fixed by gQuigs · · Score: 5, Insightful

    This problem isn't something you can just update your system to fix. This means the basis for all remote authentication on your Debian/Ubuntu machines is compromised until you go and fix it manually.

  4. OSS, only as good as the last developer? by MosesJones · · Score: 5, Insightful

    First off I'm a big OSS supporter, yada, yada

    But the point here is that the freedom that OSS gives you does require you to trust the whole distribution chain. In this case there was an added muppet who did something they shouldn't have thus rendering everything downstream insecure. OSS is great but it required great developers, given that it has take well over a year to get the advisory out it shows that the many eyes piece didn't work here, mainly because the eyes were looking at the original source not the botched packaging job.

    The "easy to use" Linux box in the house uses Ubuntu and has this issue and like many people I didn't even think to check that the OpenSSL wasn't the REAL OpenSSL it was OpenSSL with muppet extensions. Maybe there needs to be some form of extension that warns that a package has been modified from its original source code and that the modification was done by "K. Frog" so you can determine whether to trust that package or look back to the source.

    Or some sort of voting system on contributors (how very Web 2.0) so you can see how the people who touched your package were rated with the biggest weighting being given to the last person through the code (hand edited by Linus = 5 stars, hand edited by James Gosling = 5 stars, hand edited by the bloke who wrote clippy = 2 stars, hand edited by a bloke who removed a seed generator = 0 stars).

    Having the code is great, but this makes me want to know much more about who last edited that code.

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:OSS, only as good as the last developer? by peragrin · · Score: 4, Insightful

      Ah so if the same thing happened from MSFT but no one noticed it does that mean closed source is better.

      No software is perfect. when F/OSS screws up everything including the exact versions of the software where the bug began, until it is fixed is known. You know what/where/when/how, and most of the time why it happened.

      With closed source software your considered lucky if you get a patch in a timely fashion.

      Personally i would rather know what happened and when too.

      --
      i thought once I was found, but it was only a dream.
  5. Re:It will be fixed by Archangel+Michael · · Score: 4, Insightful

    It shouldn't need fixing in the first place.

    Debian people screwed up. This leaves a huge distaste in my mouth for Debian (and Ubuntu).

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  6. Re:It will be fixed by rhavenn · · Score: 5, Insightful

    I'm sure the problem will be fixed if the developers acknowledge that the problem exists. Not a big worry. No, but it shouldn't have been changed in the first place. Debian needs to stick their ego up their ass sometimes and just let the people who wrote the software do the coding vs. sticking their own code in in places they don't fully understand. This and their attitude of licensing and not reporting changes back upstream is a stupidly annoying habit.

    note: When I have to run Linux instead of a BSD it's Debian and/or Kubuntu all the way since the benefits outweigh the negatives, but it's still an annoying habit of theirs.
  7. Re:You stupid god damned open sourcers by clang_jangle · · Score: 5, Insightful

    Windows here I come. At least someone would be accountable for shit work like this.


    Yeah, like all those times when MS cut checks for all their customers whose computers were compromised! Oh, wait...
    --
    Caveat Utilitor
  8. Re:Of course... by Oxy+the+moron · · Score: 5, Insightful

    Quit being a cry baby and run 'apt-get upgrade' already. It would have taken you less time than to come in here complain.

    ... and regenerate all the keys, yes? It isn't quite as simple as you suggest...

    "All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied."

    --

    Proudly supporting the Libertarian Party.

  9. Re:It will be fixed by 2short · · Score: 5, Insightful

    Basic cryptographic services have been compromised for a year and your analysis is to assume on faith that it's open source so it will be fixed, so no problem?

    If someone stole your crypto keys and has had them for a year...

    How thoroughly might they have compromised your system by now?
    How many passwords might they have stolen that you use on other systems?
    What else might they have done that will give them access in the future even after you fix this?

    Just regenerate your keys and no problem? The problem that guessable keys are generated will undoubtably be fixed asap, if not already. The problem that this has been the case for the last year will not be, and is a big worry.

  10. A great filter by Free+the+Cowards · · Score: 4, Insightful

    Anyone who posts to this story saying that this is no big deal or telling other people to stop whining should simply be banned from Slashdot for life. If you cannot be bothered to read the article and you cannot be bothered to understand just what a serious vulnerability this is but you insist on insulting those who do, why should you be allowed to continue to post your ignorant bleating?

    --
    If you mod me Overrated, you are admitting that you have no penis.
    1. Re:A great filter by Free+the+Cowards · · Score: 4, Insightful

      Your SSL-enabled web sites spent two years being vulnerable to masquerade or man-in-the-middle attacks. Your SSH servers spent two years being vulnerable to same. Your SSH key pairs spent two years being easily crackable by anyone who happened to notice this vulnerability but didn't tell the world. I'm not entirely sure, but I think that SSL and SSH sessions either to or from the affected OSes may be crackable, and if so this would include traffic that was recorded at any time during the vulnerable period and can now be analyzed using knowledge of this bug to find out what data they carried.

      This is a big deal. Maybe it doesn't affect you very much. It doesn't affect me at all, I've never run these distros. But you can bet right now that there are a lot of heavy Linux users out there going through a lot of trouble. This is going to be a bonanza for certificate authorities as everyone who generated SSL keys with these distros is going to need to purchase a new cert.

      --
      If you mod me Overrated, you are admitting that you have no penis.
  11. Re:To non-IT people by Sun.Jedi · · Score: 5, Insightful

    This is on the SSH server side. If you are a casual desktop user, you don't have to do anything. Yes, a good observation for IM/Email/Youtube/Facebook crowd... but how many others ssh into their home machine? I'd wager the ability to ssh into a home box is one of the better perks to running linux@home.
  12. Re:It will be fixed by MSG · · Score: 4, Insightful

    I think the point was that if the Debian maintainer had submitted his patch upstream, he'd have been told exactly how stupid it was.

  13. Don't underestimate corporate arse-covering by zooblethorpe · · Score: 4, Insightful

    If some coder did this at a company at least I'm pretty confident they'd get their ass fired, but with open source it's basically "whoops, my bad."

    I, on the other hand, strongly suspect that any similar mistake at a major software corporation would in all probability be quietly ignored, if it were even noticed at all -- and if it were instead deemed enough of a public relations risk to warrant dealing with, the company would likely just silently push an update to correct the problem for future users, leaving anyone using extant keys with their arses hanging in the breeze.

    But maybe I'm just being overly cynical. :-\

    Cheers,

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
  14. Re:It will be fixed by IamTheRealMike · · Score: 4, Insightful

    The problem is that the email is rather misleading, from what I understand. It talks about two places causing the problem even though only one of them actually was making valgrind complain (and you can see, purify already picked up on the problem some time before). The trick is that his patch, not included in the email, removed both calls. Which was busted. So if he'd actually sent a full patch, proposed it for inclusion and had it properly code reviewed, the mistake would probably have been caught.

  15. Re:It will be fixed by IamTheRealMike · · Score: 4, Insightful

    No, he posted a question openssl-dev, which is a mailing list for people writing software that uses OpenSSL. This OpenSSL developer doesn't read it and that's similar with most open source project - developers often don't read mailing lists for end users.

    What's more, that mail doesn't contain a patch. It contains a misleading question with two lines posted in isolation. An actual patch, submitted for an actual code review, would almost certainly have revealed the problem via context.

    You don't change crypto code of all things based on an idle question on a mailing list populated mostly by users. What's next, changing the kernel scheduler based on a conversation in #kernel-newbies?