This vulnerability is 10 years 6 months and 2 days old there are exploits publicly available for it. The vulnerability itself is over a year old, and with there being exploits publicly available it is highly advisable that this vulnerability is patched immediately.
SynopsisThe remote SSH host is set up to accept authentication with weak Debian SSH keys.
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c
MD_Update(&m,buf,j); [ .. ] MD_Update(&m,buf,j); /* purify complains */
These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here. Removing this code has the side effect of crippling the seeding process for the OpenSSL PRNG. Instead of mixing in random data for the initial seed, the only "random" value that was used was the current process ID. On the Linux platform, the default maximum process ID is 32,768, resulting in a very small number of seed values being used for all PRNG operations.
All SSL and SSH keys generated on Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected. In the case of SSL keys, all generated certificates will be need to recreated and sent off to the Certificate Authority to sign. Any Certificate Authority keys generated on a Debian-based system will need be regenerated and revoked. All system administrators that allow users to access their servers with SSH and public key authentication need to audit those keys to see if any of them were created on a vulnerable system. Any tools that relied on OpenSSL's PRNG to secure the data they transferred may be vulnerable to an offline attack. Any SSH server that uses a host key generated by a flawed system is subject to traffic decryption and a man-in-the-middle attack would be invisible to the users. This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system. The Debian and Ubuntu projects have released a set of tools for identifying vulnerable keys. You can find these listed in the references section below.
SolutionRemove all the offending entries from ~/.ssh/authorized_keys.
CVE ReferencesCVE-2008-0166 NIST | MITRE | CVEDetails
Get in touch
Should you have any questions regarding this or any security matter, please do not hesitate to get in touch by emailing the Hedgehog Cyber Operations Team.
Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for Hedgehog Cyber to test every possible scenario an organisation may face, and Hedgehog Cyber cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. Hedgehog Cyber strongly advises that all recommendations, solutions and detection methods detailed, are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in-line with any existing internal change control procedures.