Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bacula-users] Fwd: [Bacula-devel] Bacula affected by debian openssl vulnerability

2008-05-16 14:48:44
Subject: [Bacula-users] Fwd: [Bacula-devel] Bacula affected by debian openssl vulnerability
From: Kern Sibbald <kern AT sibbald DOT com>
To: "bacula-announce" <bacula-announce AT lists.sourceforge DOT net>, "bacula-users" <bacula-users AT lists.sourceforge DOT net>
Date: Fri, 16 May 2008 12:56:48 -0400 
Hello,

I am forwarding this email for your information since it quite well summarizes 
the problem.

Please note: this is not a Bacula bug, but an OpenSSL bug only on Debian and 
Debian derived systems (Ubuntu, Kubuntu, Mephis, ...) that can affect Bacula 
if you are using encryption.

Best regards,

Kern

----------  Forwarded Message  ----------

Subject: [Bacula-devel] Bacula affected by debian openssl vulnerability
Date: Friday 16 May 2008
From: Frank Sweetser <fs AT wpi DOT edu>
To: Bacula-Devel <bacula-devel AT lists.sourceforge DOT net>


I realize that, strictly speaking, this isn't a Bacula bug, but this is
critical enough that it might be worth putting a statement up on the web page
about the current debian openssl vulnerability.  At least one person has
already asked about it on the users list, and I'm sure that there are plenty
more who are concerned about it.

Short version - for the last three years, a bug introduced into the openssl
libraries on debian has cut the actual entropy down in the random number
generator to only 15 bits.  This means that an attacker only has to try at
most 2^15 (32,768) different values to crack anything protected by one of
these certificates by brute force - pretty trivial on any reasonably modern
computer.

For those who want all the gory details:

http://wiki.debian.org/SSLkeys
http://www.debian.org/security/2008/dsa-1571
http://isc.sans.org/diary.html?storyid=4420
http://isc.sans.org/diary.html?storyid=4421

The fix is two part.  First, you must upgrade openssl to a version where the
random number generator is fixed.  That's the easy part.

The harder part is that you must regenerate any certificates or keys (ssh,
SSL, TLS, etc) that were generated by the buggy library.  Any data encrypted
with certs from the buggy version is at risk, and should (ideally) be
re-encrypted and the old version wiped.

Bacula uses openssl certs in two places: communication encryption, and data
encryption.

The communication encryption is relatively straightforward.  Regenerate and
replace the certs, and any future data streams should be safe.  If an attacker
has captured old data streams, they will be vulnerable to decryption, but
there's not much you can do about that.

The data encryption part is much harder.  Any volumes encrypted by these buggy
certificates are also vulnerable to decryption by an attacker.  Someone who's
more familiar than I am with the data encryption code will have to comment on
exactly what mechanism might work best, but anyone with such a volume should
basically treat it as unencrypted until they have re-encrypted the volume data
with a new, safe certificate.  It's also worth noting that this would affect
any master keys as well as client specific keys.

It also looks like a good number of packages use 'openssl rand' to generate
MD5 passwords.  This obviously uses openssl to generate some entropy, so it
may also be vulnerable (someone with more crypto skills than me care to
comment either way?), so unless you've generated your own passwords using
something other than a vulnerable openssl it's probably safest to consider
them compromised and just generate new ones.

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Senior Network Engineer   |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Bacula-devel mailing list
Bacula-devel AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-devel

-------------------------------------------------------

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft 
Defy all challenges. Microsoft(R) Visual Studio 2008. 
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Bacula-users] Fwd: [Bacula-devel] Bacula affected by debian openssl vulnerability, Kern Sibbald <=
Previous by Date:  Re: [Bacula-users] Proplem upgrading from 1.38 to 2.2, Jari Fredriksson
Next by Date:  Re: [Bacula-users] cannot access tape device, Randy Schultz
Previous by Thread:  [Bacula-users] Proplem upgrading from 1.38 to 2.2, Jari Fredriksson
Next by Thread:  [Bacula-users] FileSet Directive questions, LDB
Indexes:  [Date] [Thread] [Top] [All Lists]