Linux Solutions

A security researcher recently disclosed vulnerability in widely used Linux distributions where attackers can guess cryptographic keys, possibly leading to the forgery of digital signatures and theft of confidential information.

HD Moore, best known as the exploit researcher who creates the Metasploit penetration testing framework, called the vulnerability in Debian and Unbuntu systems “ugly” and said it would be a big job for administrators to find every flawed key, and then re-issue them.

The bug, which was noted on Tuesday by the Debian Project, is in the random number generator used to produce a variety of digital keys, including SSH (Secure Shell) keys and SSL (Secure Socket Layer) certificates.

In Moore’s blog yesterday he boasted that it was relatively easy to “guess” keys and claimed he was able to generate 1024- and 2048-bit keys in about two hours. However, He estimated that an 8192-bit RSA key set would take some 3,100 hours (about 129 days) to generate.

Moore also published several key-generating tools - collectively dubbed “Toys” - that included a shared library and a key generation script.

With this news hitting the internet, other researcher’s began to post notices on their web sites. Bojan Zdrnia, an analyst at the Internet Storm Center (ISC) said, “This is very, very, very serious and scary.”

“The development of automated scripts exploiting keys looks like a real threat to SSH servers around the world,” he added.

Symantec Corp. also warned customers of its DeepSight threat network of the vulnerability noting that, another hacker “Markus M” published a tool that automates brute-force attacks of the key weakness to the Full Disclosure security mailing list.

It’s not just users running Debian-based systems who are at risk, Moore cautioned, but virtually anyone. If data copied to other platforms has been secured by keys generated on a Debian distribution, that data could be snatched.

“There’s a lot of different areas that you’re going to have to look, not just within Debian,” Moore said. “Administrators will have to audit every single key. Even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system.”
Moore, ISC’s Zdrnja and others have recommended that Debian and Ubuntu users patch their systems - updates are available - and that users and administrators regenerate all keys produced on a Debian system between September 2006 and May 13, 2008. The September 2006 date, said Moore, was when the first builds that included the flaw were made available.

Although he said the situation is serious, Moore doubted that there would be general and widespread attacks. Instead, he said the most likely outcome would be targeted attacks on systems that administered large numbers of Debian users.

Moore also discounted any connection between the Debian vulnerability and his disclosures, and brute-force attacks some vendors, including Symantec, have been tracking the last 24 hours.

“The timing is definitely funny,” he acknowledged, but said the difference - the attacks have been against user-generated passwords, not authentication keys - means the two events are probably just coincidental.