summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2008-05-13 01:41:49 +0000
committerColin Watson <cjwatson@debian.org>2008-05-13 01:41:49 +0000
commit715e7917be8655e8aa49ee04fceb20336e0ac4f7 (patch)
tree6051e757efca719fe1fcdfb4dffc7dfbee7b4afd
parentc2e1f584e0372cfc414eda3a0691971ebb2f322d (diff)
add repair instructions from Matt
-rw-r--r--debian/README.compromised-keys134
-rw-r--r--debian/openssh-server.templates3
-rwxr-xr-xdebian/rules2
3 files changed, 137 insertions, 2 deletions
diff --git a/debian/README.compromised-keys b/debian/README.compromised-keys
new file mode 100644
index 000000000..c3e6cbbf2
--- /dev/null
+++ b/debian/README.compromised-keys
@@ -0,0 +1,134 @@
1The following instructions relate to CVE-2008-0166. They were prepared by
2Matt Zimmerman, assisted by Colin Watson.
3
4== What Happened ==
5
6A weakness has been discovered in the random number generator used by OpenSSL
7on Debian and Ubuntu systems. As a result of this weakness, certain encryption
8keys are generated much more frequently than they should be, such that an
9attacker could guess the key through a brute-force attack given minimal
10knowledge of the system.
11
12We consider this an extremely serious vulnerability, and urge all users to act
13immediately to secure their systems.
14
15== Who is affected ==
16
17Systems which are running any of the following releases:
18
19 * Debian 4.0 (etch)
20 * Ubuntu 7.04 (Feisty)
21 * Ubuntu 7.10 (Gutsy)
22 * Ubuntu 8.04 LTS (Hardy)
23 * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
24
25and have openssh-server installed or have been used to create an OpenSSH key or
26X.509 (SSL) certificate.
27
28All OpenSSH and X.509 keys generated on such systems must be considered
29untrustworthy, regardless of the system on which they are used, even after the
30update has been applied.
31
32This includes the automatically generated host keys used by OpenSSH, which are
33the basis for its server spoofing and man-in-the-middle protection.
34
35The specific package versions affected are:
36
37 * Debian 4.0: libssl <= 0.9.8c-4etch3
38 * Ubuntu 7.04: libssl <= 0.9.8c-4ubuntu0.2
39 * Ubuntu 7.10: libssl <= 0.9.8e-5ubuntu3.1
40 * Ubuntu 8.04: libssl <= 0.9.8g-4ubuntu3
41
42== What to do if you are affected ==
43
44OpenSSH:
45
461. Install the security updates
47
48 Once the update is applied, weak user keys will be automatically rejected
49 where possible (though they cannot be detected in all cases). If you are
50 using such keys for user authentication, they will immediately stop working
51 and will need to be replaced (see step 3).
52
53 OpenSSH host keys can be automatically regenerated when the OpenSSH security
54 update is applied. The update will prompt for confirmation before taking
55 this step.
56
572. Update OpenSSH known_hosts files
58
59 The regeneration of host keys will cause a warning to be displayed when
60 connecting to the system using SSH until the host key is updated in the
61 known_hosts file. The warning will look like this:
62
63 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
64 @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
65 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
66 IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
67 Someone could be eavesdropping on you right now (man-in-the-middle attack)!
68 It is also possible that the RSA host key has just been changed.
69
70 In this case, the host key has simply been changed, and you should update
71 the relevant known_hosts file as indicated in the error message.
72
733. Check all OpenSSH user keys
74
75 The safest course of action is to regenerate all OpenSSH user keys,
76 except where it can be established to a high degree of certainty that the
77 key was generated on an unaffected system.
78
79 Check whether your key is affected by running the ssh-vulnkey tool, included
80 in the security update. By default, ssh-vulnkey will check the standard
81 location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),
82 your authorized_keys file (~/.ssh/authorized_keys and
83 ~/.ssh/authorized_keys2), and the system's host keys
84 (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).
85
86 To check all your own keys, assuming they are in the standard
87 locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):
88
89 ssh-vulnkey
90
91 To check all keys on your system:
92
93 sudo ssh-vulnkey -a
94
95 To check a key in a non-standard location:
96
97 ssh-vulnkey /path/to/key
98
99 If ssh-vulnkey says "No blacklist file", then it has no information
100 about whether that key is affected.
101
1024. Regenerate any affected user keys
103
104 OpenSSH keys used for user authentication must be manually regenerated,
105 including those which may have since been transferred to a different system
106 after being generated.
107
108 New keys can be generated using ssh-keygen, e.g.:
109
110 $ ssh-keygen
111 Generating public/private rsa key pair.
112 Enter file in which to save the key (/home/user/.ssh/id_rsa):
113 Enter passphrase (empty for no passphrase):
114 Enter same passphrase again:
115 Your identification has been saved in /home/user/.ssh/id_rsa.
116 Your public key has been saved in /home/user/.ssh/id_rsa.pub.
117 The key fingerprint is:
118 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host
119
1205. Update authorized_keys files (if necessary)
121
122 Once the user keys have been regenerated, the relevant public keys must
123 be propagated to any authorized_keys files on remote systems. Be sure to
124 delete the affected key.
125
126OpenSSL:
127
1281. Install the security update
129
1302. Create new certificates to replace any server or client certificates in use
131 on the system
132
1333. If certificates have been generated for use on other systems, they must be
134 found and replaced as well.
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
index 6c1187e7f..d6c7e6f78 100644
--- a/debian/openssh-server.templates
+++ b/debian/openssh-server.templates
@@ -81,4 +81,5 @@ _Description: Vulnerable host keys will be regenerated
81 ${HOST_KEYS} 81 ${HOST_KEYS}
82 . 82 .
83 User keys may also be affected by this problem. The 'ssh-vulnkey' command 83 User keys may also be affected by this problem. The 'ssh-vulnkey' command
84 may be used as a partial test for this. 84 may be used as a partial test for this. See
85 /usr/share/doc/openssh-server/README.compromised-keys for more details.
diff --git a/debian/rules b/debian/rules
index 746624498..2136c2ec8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -213,7 +213,7 @@ binary-openssh-client: build install
213 dh_testdir 213 dh_testdir
214 dh_testroot 214 dh_testroot
215 dh_installdebconf 215 dh_installdebconf
216 dh_installdocs OVERVIEW README README.dns README.tun debian/faq.html 216 dh_installdocs OVERVIEW README README.dns README.tun debian/faq.html debian/README.compromised-keys
217 dh_installchangelogs ChangeLog ChangeLog.gssapi 217 dh_installchangelogs ChangeLog ChangeLog.gssapi
218 install -m644 debian/openssh-client.lintian debian/openssh-client/usr/share/lintian/overrides/openssh-client 218 install -m644 debian/openssh-client.lintian debian/openssh-client/usr/share/lintian/overrides/openssh-client
219 dh_strip 219 dh_strip