Bacula-users

Re: [Bacula-users] debian/ssl

2008-05-16 09:55:34
Subject: Re: [Bacula-users] debian/ssl
From: Chris Hoogendyk <hoogendyk AT bio.umass DOT edu>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Fri, 16 May 2008 09:55:05 -0400

Frank Sweetser wrote:
> Florian Heigl wrote:
>   
>> Hi,
>>
>> as most are probably aware debian had a little "Oops" concerning
>> openssl 
>> (http://wiki.debian.org/SSLkeys#head-49a0007d742a0fcc4742d630456fecc08016fbb8).
>> unfortunately there is no mention of Bacula in their wiki so far.
>>
>> Does anyone know if
>> - one should bother redoing the Bacula SD/DIR/FD/Console pass strings?
>> (they're done using openssl, and so far i thought they look quite
>> random
>>     
>
> From what I can tell, the MD5 strings *should* be safe.  That said, I
> certainly wouldn't recommend against updating them.
>   

You can't just "see" whether they are random or not (unless you're some 
really special kind of idiot savant ;-)  ). It takes a 
statistical/mathematical analysis to see the patterns and/or repetition. 
This can be programmed, and, indeed, it is said that there are kits "out 
there" for doing this.

The security experts here (at UMass) have told us that we need to scrap 
and regenerate everything after updating to fix the problem.


>> - someone already made scripts for regenerating the SSL/TLS keys for
>> people that use this for bacula
>>     
>
> Really, you're just going through the same process that you used in the first
> place to generate the certificates.  Just pretend that they all expired at the
> same time, and regenerate them.
>   
>> - people who used SD encryption might want to migrate / re-encrypt as
>> this might (i dont know!) be more susceptible for the weakness
>>     
>
> Absolutely.  Unless I've completely misunderstood it, data encryption still
> uses openssl created certificates to secure the data, so they will be subject
> to the same risk.
>
> In other words, this vulnerability puts any encrypted Bacula volumes at risk.
>   

Note that it includes any Debian derived systems, such as Ubuntu, as 
well. And, it includes workstations that happen to be susceptible and 
that use keys to log into your server, thus making your server 
susceptible whether it is Debian derived or not.

I've put the notice that was sent to us at the end of this just in case 
anyone wants their details and links.


---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk AT bio.umass DOT edu>

--------------- 

Erdös 4

-------- Original Message --------

Subject:        [Umanetsec-l] Debian predictable random number generator
Date:   Thu, 15 May 2008 10:47:54 -0400



Scope: Anyone using cryptographic keys from a Debian derivative OS
(Ubuntu included, etc). This weakness is present both on servers running
Debian variants as well as servers that users connect to from
Debian-based workstations.

Impact: It is claimed that there are only 65k weak keys to be brute
forced. The logging on failed shared key authentication attempts is weak
in many log configurations. As such, there is a substantial exposure
presented here. There are already multiple publicly available tools that
can exploit this weakness.

Solution: Check with your distribution for details. Some common
references below.

http://www.debian.org/security/
http://www.ubuntu.com/usn

Details:

From: http://www.debian.org/security/2008/dsa-1571

"Luciano Bello discovered that the random number generator in Debian's
openssl package is predictable. This is caused by an incorrect
Debian-specific change to the openssl package (CVE-2008-0166). As a
result, cryptographic key material may be guessable.

This is a Debian-specific vulnerability which does not affect other
operating systems which are not based on Debian. However, other systems
can be indirectly affected if weak keys are imported into them.

It is strongly recommended that all cryptographic key material which has
been generated by OpenSSL versions starting with 0.9.8c-1 on Debian
systems is recreated from scratch. Furthermore, all DSA keys ever used
on affected Debian systems for signing or authentication purposes should
be considered compromised; the Digital Signature Algorithm relies on a
secret random value used during signature generation.

The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
distribution on 2006-09-17, and has since that date propagated to the
testing and current stable (etch) distributions. The old stable
distribution (sarge) is not affected.

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key
material for use in X.509 certificates and session keys used in SSL/TLS
connections. Keys generated with GnuPG or GNUTLS are not affected, though."
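
A triage aid for the regeneration advice above, added here as an example and not part of the original message or of Bacula: it reads the notBefore date from PEM X.509 certificates and flags those issued on or after 2006-09-17, the upload date of the first vulnerable package given in the advisory. It assumes the issue date is a usable proxy for when the key was generated, so it only narrows the list (DSA keys used on affected hosts need replacing regardless of date); the function names are illustrative and `constructed_cert` builds a skeletal, unsigned sample rather than a real certificate.

```python
import base64
from datetime import datetime, timezone

# Upload date of the first vulnerable package (0.9.8c-1), per DSA-1571.
FIRST_VULNERABLE = datetime(2006, 9, 17, tzinfo=timezone.utc)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def not_before(pem):
    """Parse the notBefore time out of one PEM-encoded X.509 certificate."""
    body = pem.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
    der = base64.b64decode("".join(body.split()))
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)      # tbsCertificate SEQUENCE
    for _ in range(4 if der[pos] == 0xA0 else 3):  # [0] version is optional
        _, _, pos = read_tlv(der, pos)  # skip version, serial, signature, issuer
    _, pos, _ = read_tlv(der, pos)      # validity SEQUENCE
    tag, start, end = read_tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                     # UTCTime, two-digit year
        when = datetime.strptime(text, "%y%m%d%H%M%SZ")
        if when.year >= 2050:           # X.509: YY >= 50 means 19YY
            when = when.replace(year=when.year - 100)
    elif tag == 0x18:                   # GeneralizedTime, four-digit year
        when = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    else:
        raise ValueError("unexpected tag for notBefore")
    return when.replace(tzinfo=timezone.utc)

def needs_review(pem):
    """True if the certificate was issued on or after the first vulnerable upload."""
    return not_before(pem) >= FIRST_VULNERABLE

def constructed_cert(utctime):
    """Build a skeletal, unsigned certificate for demonstration (constructed)."""
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    validity = tlv(0x30, tlv(0x17, utctime) + tlv(0x17, b"300101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + tlv(0x30, b"") + validity)
    b64 = base64.b64encode(tlv(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

To run it over real files, pass the text of each certificate PEM referenced by the Director, Storage and File daemon configurations to `needs_review`.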

