A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN.
This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
13 May 2008
A security issue affects these releases of Ubuntu and its derivatives:
A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN.
This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Once the update is applied, weak shared encryption keys and SSL/TLS certificates will be rejected where possible (though they cannot be detected in all cases). If you are using such keys or certificates, OpenVPN will not start and the keys or certificates will need to be regenerated.
The safest course of action is to regenerate all OpenVPN certificates and key files, except where it can be established to a high degree of certainty that the certificate or shared key was generated on an unaffected system.
Once the update is applied, you can check for weak OpenVPN shared secret keys with the openvpn-vulnkey command.
$ openvpn-vulnkey /path/to/key
OpenVPN shared keys can be regenerated using the openvpn command.
$ openvpn –genkey –secret <file>
Additionally, you can check for weak SSL/TLS certificates by installing openssl-blacklist via your package manager, and using the openssl-vulkey command.
$ openssl-vulnkey /path/to/key
Please note that openssl-vulnkey only checks RSA private keys with 1024 and 2048 bit lengths. If in doubt, destroy the certificate and/or key and generate a new one. Please consult the OpenVPN documention when recreating SSL/TLS certificates.
Additionally, if certificates have been generated for use on other systems, they must be found and replaced as well.
Vulmon