Re: Debian libssl security (OpenSSH safe?)

[Tim Post]

On Thu, 2008-05-15 at 06:31 -0700, Darrin Chandler wrote:
 Can you explain why that's not effective? Do you know ssh-vulnkey (or
 the Perl script) does not reliably detect bad keys?

Just to ensure I have facts separated from co-workers just going on
paranoid tangents, I checked again and asked those who noted it did not
work exactly what happened now that the 'knee jerk' syndrome is over.

2 people might have botched the install (not a reliable indicator)

3 Did not have ordinary configurations (again, not a reliable indicator)

1 Reported weak keys weren't detected. 

So, I guess I can't be sure. I know that it didn't work for some but
that might be due to human error. Things go badly when rushing :)

What does seem correct is that the utility can't guess beyond the
typical locations and names.

Sorry for the ambiguity, 
--Tim

-- 
Monkey + Typewriter = Echoreply ( http://echoreply.us )

Re: Debian libssl security (OpenSSH safe?)

[Tim Post]

On Thu, 2008-05-15 at 10:02 +0100, Dave Ewart wrote:

 Debian (and thus also Ubuntu) have released updated openssh packages
 which include a new tool called ssh-vulnkey which can be used to check
 the running system[1] for vulnerable keys: ssh-vulnkey works similarly
 to the Perl script in the Debian announcement. 

That is not 100% effective (afiak). Its still advised that you toss any
key that you are not 100% certain came from a non-effected system for
every user.

They can always go back in once your sure that they are safe.

 I believe the original assessment was correct: *all* systems running SSH
 ought to check for these vulnerable keys, not just those systems running
 Debian or derivatives. 

Correct, It is a user propagated issue. Its best to just chuck all keys
for now and put them back as you're sure that they did not come from a
buggy keygen.

  Yes, it's Debian's fault, but we all have to
 manage the consequences.

Shit happens :)

-- 
Monkey + Typewriter = Echoreply ( http://echoreply.us )

Re: Debian libssl security (OpenSSH safe?)

[Dave Ewart]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday, 15.05.2008 at 07:11 +0200, Otto Moerbeek wrote:

 On Wed, May 14, 2008 at 07:43:25PM -0700, Darrin Chandler wrote:
 
  On Wed, May 14, 2008 at 10:22:11PM -0400, Ted Unangst wrote:
   On 5/14/08, Ben Calvert [EMAIL PROTECTED] wrote:
On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
 Are you sure that's a decent analysis? If you have a
 non-debian system with the full number of keys available, what
 are the chances that you've landed on one of the 32767 keys?
 Not very likely. So that analysis seems alarmist and
 sensational to me.
   
   Because nobody would ever run ssh-keygen on their ubuntu desktop
   and copy that to authorized_keys on another computer.
  
  Sure. Lots of those keys out there already. So is something like
  ssh-vulnkey the right approach? I do have a couple of users on one
  of my boxes. Mind, they're all good OpenBSD people and I really hope
  their keys didn't come from a debian box. It'll be nice to find out
  that the keys are ok.
 
 You can use the perl script in the debian announcement to check host
 keys and user keys. 

For info

Debian (and thus also Ubuntu) have released updated openssh packages
which include a new tool called ssh-vulnkey which can be used to check
the running system[1] for vulnerable keys: ssh-vulnkey works similarly
to the Perl script in the Debian announcement.  The package has also had
an additional option added to sshd_config which blacklists (i.e. stops
use of) these vulnerable keys.  Once updated, Debian and Ubuntu systems
will reject connections based on these vulnerable keys.

One of my machines at home is an Ubuntu laptop and my OpenBSD box had a
copy of its public key in ~/.ssh/authorized_keys so that logging into it
is simpler from the laptop - if this box were exposed to the world, then
it would only take 32,000 attempts to get into it, if my username is
known.  I've removed the vulnerable public key from the OpenBSD box now.

I believe the original assessment was correct: *all* systems running SSH
ought to check for these vulnerable keys, not just those systems running
Debian or derivatives.  Yes, it's Debian's fault, but we all have to
manage the consequences.  If only Debian and Ubuntu's openssh is
updated, then they will be *more* secure than non-updated OpenBSD,
Solaris, Red Hat Linux etc.

Cheers,

Dave.

[1] It checks host keys and also the contents of authorized_keys

- -- 
Dave Ewart
iD8DBQFIK/wbbpQs/WlN43ARAnKvAJ4pYbbhW4pCYvp7hqApTCqr43BWmwCg864Q
xBTY5bfIl4KLiSsYsDMplS8=
=5mhX
-END PGP SIGNATURE-

Re: Debian libssl security (OpenSSH safe?)

[Stuart Henderson]

On 2008-05-15, Ben Calvert [EMAIL PROTECTED] wrote:
 and it only applies if you're using keys _without_passphrase_.

Passphrases protect your on-disk copy of the key. The key can be
re-encrypted with a different key, or decrypted and written out, it's
still the same key. If you ssh-keygen -p, you don't need to change
authorized_keys files on all the hosts where your key is listed.

The metasploit generated keys are obviously not encrypted, so there
are sets of private keys floating round for each of 1Kb DSA, 2Kb and
now 4Kb RSA...

 do people actually allow remote root access ?  for more than 5 minutes  
 after install?

Yes, though PermitRootLogin without-password is not uncommon, so that
those pesky insecure passwords can't be used, only allowing the nice
secure private keys instead. Oh wait...

Anyone know if it's possible to require more than one type of
authentication, e.g. _both_ password and key-based? I didn't see a
way, but may have missed something.

Re: Debian libssl security (OpenSSH safe?)

[Darrin Chandler]

On Thu, May 15, 2008 at 05:44:32PM +0800, Tim Post wrote:
 On Thu, 2008-05-15 at 10:02 +0100, Dave Ewart wrote:
 
  Debian (and thus also Ubuntu) have released updated openssh packages
  which include a new tool called ssh-vulnkey which can be used to check
  the running system[1] for vulnerable keys: ssh-vulnkey works similarly
  to the Perl script in the Debian announcement. 
 
 That is not 100% effective (afiak). Its still advised that you toss any
 key that you are not 100% certain came from a non-effected system for
 every user.
 
 They can always go back in once your sure that they are safe.

Can you explain why that's not effective? Do you know ssh-vulnkey (or
the Perl script) does not reliably detect bad keys?

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Debian libssl security (OpenSSH safe?)

[Douglas A. Tutty]

On Thu, May 15, 2008 at 12:53:06AM +, Jussi Peltola wrote:
 On Wed, May 14, 2008 at 05:30:18PM -0700, Ben Calvert wrote:
  On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
  On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
 
  do people actually allow remote root access ?  for more than 5 minutes  
  after install?
 
 Too many people still use SSH public keys for root in automated scripts.
 Besides, cracking your normal user account can result in just as bad
 consequences as cracking the root account, especially if you su or sudo
 to root...
 

Remember that in linux/debian, files don't inheret the ownership of the
directory into which they are placed.  Therefore, e.g for copying backup
files from one box to another with rsync, if a normal user does it
(assuming that user has write permission to, e.g. on debian
/var/local/backup, then the files end up owned by that user.  The user
can't change the ownership to root.  This may not seem like a huge
problem for e.g. tarballs that protect the ownership and permissions of
files but for regular files, eg copies from /etc, then its an issue.
Also, during restore, if that uid is either not the same user or no user
at all, things can get interesting.

Better to have root have ssh access to the backup repository box for
rsyncing the backups.

Root has to do the backups since debian packages don't come set up for
operator to be able to read otherwise unreadable files.

Doug.

Re: More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[Damien Miller]

On Wed, 14 May 2008, chefren wrote:

 On 5/13/08 7:08 PM, Marc Espie wrote:
 
  More details show that someone seriously fucked up in debian.
 
 Well, this Kurt has seriously asked for details on the relevant openssl-dev
 list:
 
 http://marc.info/?l=openssl-devm=114651085826293w=2
 
 And see what arrogant as usual Ben Laurie states:
 
 http://www.links.org/?p=327

 they should contribute their patches upstream to the package
 maintainers. Had Debian done this in this case, we (the OpenSSL Team)
 would have fallen about laughing, and once we had got our breath back,
 told them what a terrible idea this was.

 Kurt has clearly done so,

No, he hasn't. A question posed to a predominatly users' mailing list is
not the same as a proper bug report and patch submission. Vendors,
especially the size of Debian, should be held to a high standard of 
behaviour. Critically, he didn't identify that he was considering removing
these lines *for every user of Debian*.

 and I know personally of another totally
 ignored patch from our company and I have heard in the past about
 OpenBSD people trying to send patches to OpenSSL maintainers to no
 avail.

Speaking as someone who has done the last two revs of the OpenBSD libssl,
I haven't tried to upstream our changes - they OpenBSD specific things
like using /dev/arandom and /dev/crypto. I think that any serious patch
we sent would have a good chance of inclusion.

 The OpenSSL maintainers have proven not to read their mail, they aren't
 interested in cleaning up their big mess.

 Laurie also states never fix a bug you dont understand and this
 OpenSSL hero seems to forget that something that seems smart and OK
 now and here can be plain bad and ugly when looked at with some more
 distance or knowledge.

No, he is 100% correct. Vendors adding value to security software 
when they lack basic code comprehension skills is simply dangerous to
their users. It is surprising that this should be controversial.

 His Adding uninitialised memory to it can do no harm and might do
 some good, which is why we do it. is pure arrogant and shortsighted
 shit to me.

Congratulations, you have just demonstrated youself to be the same
category of incomprehension as the Debian developers.

-d

Re: More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[Otto Moerbeek]

On Wed, May 14, 2008 at 12:48:41AM +0200, chefren wrote:

 On 5/13/08 7:08 PM, Marc Espie wrote:

 More details show that someone seriously fucked up in debian.

 Well, this Kurt has seriously asked for details on the relevant openssl-dev
 list:

 http://marc.info/?l=openssl-devm=114651085826293w=2


 And see what arrogant as usual Ben Laurie states:

 http://www.links.org/?p=327

 they should contribute their patches upstream to the package maintainers.
 Had Debian done this in this case, we (the OpenSSL Team) would have fallen
 about laughing, and once we had got our breath back, told them what a
 terrible idea this was.


 Kurt has clearly done so, and I know personally of another totally ignored
 patch from our company and I have heard in the past about OpenBSD people
 trying to send patches to OpenSSL maintainers to no avail.

 The OpenSSL maintainers have proven not to read their mail, they aren't
 interested in cleaning up their big mess.


 Laurie also states never fix a bug you dont understand and this OpenSSL
 hero seems to forget that something that seems smart and OK now and here
 can be plain bad and ugly when looked at with some more distance or
 knowledge.

 His Adding uninitialised memory to it can do no harm and might do some
 good, which is why we do it. is pure arrogant and shortsighted shit to me.

 +++chefren

Of course it is wrong to /depend/ on uninitialized mem to stir a
random pool. Often uninitialized means lots of zeroes or predictable
stack contents.

But the actual Debian diff that was committed removes any stirring, it
seems. From a quick view, no actual data from the passed in argument
is being used to stir the pool anymore. Now that is the real problem.
Because even if you have collected nice date with high entropy to seed
the PRNG, it will be ignored.

The openssl-dev list did not spot that, and indeed, that is
disturbing. But Kurt never actually posted a diff there: so it's easy
for the two two sided to be talking about different things.

As for the arrogance: i'm pretty sure openssl proper contains more
bugs. When I wrote our dc(1) (which uses the bignum lib from openssl)
that occurred whan adding 0 to a bignum A, which resulted in A not
being equal to the result. I was quite suprised that bug was never
found before. Probably crypto code only covers parts of the bignum
functionality. The handing of that bug was adequate, though.

-Otto

Re: Debian libssl security (OpenSSH safe?)

[Gabriel Linder]

On Tue, 13 May 2008 11:14:59 -0500
Sean Malloy [EMAIL PROTECTED] wrote:

 On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
  I guess everyone by now has heard about the very serious libssl
  vulnerability on Debian/Ubuntu?
  
  Just making sure that the source is safe, thanks.
  
  /juan
 
 Here is a quote from the official Debian Security announcement,
 DSA-1571 http://www.debian.org/security/2008/dsa-1571.
 
 This is a Debian-specific vulnerability which does not affect other
 operating systems which are not based on Debian. However, other
 systems can be indirectly affected if weak keys are imported into
 them.
 

Just wondering... If someone generates ssh keys with flags J or Z
set in malloc.conf(5), aren't these keys useless too (since feeding
predictable data is more or less equal to not feeding data at all) ?

Re: Debian libssl security (OpenSSH safe?)

[Otto Moerbeek]

On Wed, May 14, 2008 at 09:41:43AM +0200, Gabriel Linder wrote:

 On Tue, 13 May 2008 11:14:59 -0500
 Sean Malloy [EMAIL PROTECTED] wrote:
 
  On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
   I guess everyone by now has heard about the very serious libssl
   vulnerability on Debian/Ubuntu?
   
   Just making sure that the source is safe, thanks.
   
   /juan
  
  Here is a quote from the official Debian Security announcement,
  DSA-1571 http://www.debian.org/security/2008/dsa-1571.
  
  This is a Debian-specific vulnerability which does not affect other
  operating systems which are not based on Debian. However, other
  systems can be indirectly affected if weak keys are imported into
  them.
  
 
 Just wondering... If someone generates ssh keys with flags J or Z
 set in malloc.conf(5), aren't these keys useless too (since feeding
 predictable data is more or less equal to not feeding data at all) ?

We're talking about stack data here, not heap, and besides, the
uninited data is only an extra source of entropy. The faulty Debian
diff removed almost all seeding from the PRNG. That was the acutal
error. 

-Otto

Re: Debian libssl security (OpenSSH safe?)

[Ted Unangst]

On 5/14/08, Gabriel Linder [EMAIL PROTECTED] wrote:
 Just wondering... If someone generates ssh keys with flags J or Z
  set in malloc.conf(5), aren't these keys useless too (since feeding
  predictable data is more or less equal to not feeding data at all) ?

feeding predictable data + unpredictable data is not the same as
feeding no data at all.

Re: More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[Otto Moerbeek]

On Wed, May 14, 2008 at 08:47:38AM +0200, Otto Moerbeek wrote:

 On Wed, May 14, 2008 at 12:48:41AM +0200, chefren wrote:

  On 5/13/08 7:08 PM, Marc Espie wrote:
 
  More details show that someone seriously fucked up in debian.
 
  Well, this Kurt has seriously asked for details on the relevant
openssl-dev
  list:
 
  http://marc.info/?l=openssl-devm=114651085826293w=2
 
 
  And see what arrogant as usual Ben Laurie states:
 
  http://www.links.org/?p=327
 
  they should contribute their patches upstream to the package
maintainers.
  Had Debian done this in this case, we (the OpenSSL Team) would have
fallen
  about laughing, and once we had got our breath back, told them what a
  terrible idea this was.
 
 
  Kurt has clearly done so, and I know personally of another totally
ignored
  patch from our company and I have heard in the past about OpenBSD people
  trying to send patches to OpenSSL maintainers to no avail.
 
  The OpenSSL maintainers have proven not to read their mail, they aren't
  interested in cleaning up their big mess.
 
 
  Laurie also states never fix a bug you dont understand and this
OpenSSL
  hero seems to forget that something that seems smart and OK now and
here
  can be plain bad and ugly when looked at with some more distance or
  knowledge.
 
  His Adding uninitialised memory to it can do no harm and might do some
  good, which is why we do it. is pure arrogant and shortsighted shit to
me.
 
  +++chefren

 Of course it is wrong to /depend/ on uninitialized mem to stir a
 random pool. Often uninitialized means lots of zeroes or predictable
 stack contents.

 But the actual Debian diff that was committed removes any stirring, it
 seems. From a quick view, no actual data from the passed in argument
 is being used to stir the pool anymore. Now that is the real problem.
 Because even if you have collected nice date with high entropy to seed
 the PRNG, it will be ignored.

 The openssl-dev list did not spot that, and indeed, that is
 disturbing. But Kurt never actually posted a diff there: so it's easy
 for the two two sided to be talking about different things.

 As for the arrogance: i'm pretty sure openssl proper contains more
 bugs. When I wrote our dc(1) (which uses the bignum lib from openssl)
 that occurred whan adding 0 to a bignum A, which resulted in A not
 being equal to the result. I was quite suprised that bug was never

Ehh, this part is missing something. What I meant to write:

As for the arrogance: i'm pretty sure openssl proper contains bugs.
When I wrote our dc(1) (which uses the bignum lib from openssl) I
stumbled upon a bug that occurred when adding 0 to a bignum A, which
resulted in A not being equal to the result. I was quite surprised that
bug was never

 found before. Probably crypto code only covers parts of the bignum
 functionality. The handing of that bug was adequate, though.

   -Otto

Re: Debian libssl security (OpenSSH safe?)

[raven]

Ted Unangst ha scritto:

On 5/14/08, Gabriel Linder [EMAIL PROTECTED] wrote:
  

Just wondering... If someone generates ssh keys with flags J or Z
 set in malloc.conf(5), aren't these keys useless too (since feeding
 predictable data is more or less equal to not feeding data at all) ?

A decent analysis can be found here... just to understand what can do a 
comment /* */  :)

http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html


francesco

Re: Debian libssl security (OpenSSH safe?)

[Darrin Chandler]

On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
 Ted Unangst ha scritto:
 On 5/14/08, Gabriel Linder [EMAIL PROTECTED] wrote:
   
 Just wondering... If someone generates ssh keys with flags J or Z
  set in malloc.conf(5), aren't these keys useless too (since feeding
  predictable data is more or less equal to not feeding data at all) ?
 
 A decent analysis can be found here... just to understand what can do a 
 comment /* */  :)
 http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html

Are you sure that's a decent analysis? If you have a non-debian system
with the full number of keys available, what are the chances that you've
landed on one of the 32767 keys? Not very likely. So that analysis seems
alarmist and sensational to me.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Debian libssl security (OpenSSH safe?)

[Ben Calvert]

On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:


On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:


A decent analysis can be found here... just to understand what can  
do a

comment /* */  :)
http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html


Are you sure that's a decent analysis? If you have a non-debian system
with the full number of keys available, what are the chances that  
you've
landed on one of the 32767 keys? Not very likely. So that analysis  
seems

alarmist and sensational to me.


and it only applies if you're using keys _without_passphrase_.  on  
your root account.


do people actually allow remote root access ?  for more than 5 minutes  
after install?

Re: Debian libssl security (OpenSSH safe?)

[Jussi Peltola]

On Wed, May 14, 2008 at 05:30:18PM -0700, Ben Calvert wrote:
 On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
 
 On Thu, May 15, 2008 at 01:45:51AM +0200, raven wrote:
 
 A decent analysis can be found here... just to understand what can  
 do a
 comment /* */  :)
 http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html
 
 Are you sure that's a decent analysis? If you have a non-debian system
 with the full number of keys available, what are the chances that  
 you've
 landed on one of the 32767 keys? Not very likely. So that analysis  
 seems
 alarmist and sensational to me.

Your users may very well have keys generated on debian based systems.
I don't know about you, but I don't want just anyone getting a luser account
on my systems.

 and it only applies if you're using keys _without_passphrase_.  on  
 your root account.
Umm, no? What does the passphrase have to do with this...

 do people actually allow remote root access ?  for more than 5 minutes  
 after install?

Too many people still use SSH public keys for root in automated scripts.
Besides, cracking your normal user account can result in just as bad
consequences as cracking the root account, especially if you su or sudo
to root...

Re: Debian libssl security (OpenSSH safe?)

[Ted Unangst]

On 5/14/08, Ben Calvert [EMAIL PROTECTED] wrote:
 On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
  Are you sure that's a decent analysis? If you have a non-debian system
  with the full number of keys available, what are the chances that you've
  landed on one of the 32767 keys? Not very likely. So that analysis seems
  alarmist and sensational to me.

Because nobody would ever run ssh-keygen on their ubuntu desktop and
copy that to authorized_keys on another computer.


  and it only applies if you're using keys _without_passphrase_.  on your
 root account.

  do people actually allow remote root access ?  for more than 5 minutes
 after install?

lots of people.  some people even type sudo or su after logging in.
not all of them type the full path every time they do so.

Re: Debian libssl security (OpenSSH safe?)

[Darrin Chandler]

On Wed, May 14, 2008 at 10:22:11PM -0400, Ted Unangst wrote:
 On 5/14/08, Ben Calvert [EMAIL PROTECTED] wrote:
  On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
   Are you sure that's a decent analysis? If you have a non-debian system
   with the full number of keys available, what are the chances that you've
   landed on one of the 32767 keys? Not very likely. So that analysis seems
   alarmist and sensational to me.
 
 Because nobody would ever run ssh-keygen on their ubuntu desktop and
 copy that to authorized_keys on another computer.

Sure. Lots of those keys out there already. So is something like
ssh-vulnkey the right approach? I do have a couple of users on one of my
boxes. Mind, they're all good OpenBSD people and I really hope their
keys didn't come from a debian box. It'll be nice to find out that the
keys are ok.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Debian libssl security (OpenSSH safe?)

[Ted Unangst]

On 5/14/08, Darrin Chandler [EMAIL PROTECTED] wrote:
 Sure. Lots of those keys out there already. So is something like
  ssh-vulnkey the right approach? I do have a couple of users on one of my
  boxes. Mind, they're all good OpenBSD people and I really hope their
  keys didn't come from a debian box. It'll be nice to find out that the
  keys are ok.

Probably the best that can be done.  This is a lot worse than a weak
prng making numbers such that you can predict the next one given a
previous one.  Personally, I haven't given much thought to the problem
as I don't have users.  But I think a safe, complete response goes a
lot farther than just replacing a few bad keys.

Re: Debian libssl security (OpenSSH safe?)

[Otto Moerbeek]

On Wed, May 14, 2008 at 07:43:25PM -0700, Darrin Chandler wrote:

 On Wed, May 14, 2008 at 10:22:11PM -0400, Ted Unangst wrote:
  On 5/14/08, Ben Calvert [EMAIL PROTECTED] wrote:
   On May 14, 2008, at 5:22 PM, Darrin Chandler wrote:
Are you sure that's a decent analysis? If you have a non-debian system
with the full number of keys available, what are the chances that you've
landed on one of the 32767 keys? Not very likely. So that analysis seems
alarmist and sensational to me.
  
  Because nobody would ever run ssh-keygen on their ubuntu desktop and
  copy that to authorized_keys on another computer.
 
 Sure. Lots of those keys out there already. So is something like
 ssh-vulnkey the right approach? I do have a couple of users on one of my
 boxes. Mind, they're all good OpenBSD people and I really hope their
 keys didn't come from a debian box. It'll be nice to find out that the
 keys are ok.

You can use the perl script in the debian announcement to check host
keys and user keys. 

-Otto

Re: Debian libssl security (OpenSSH safe?)

[Sean Malloy]

On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
 I guess everyone by now has heard about the very serious libssl
 vulnerability on Debian/Ubuntu?
 
 Just making sure that the source is safe, thanks.
 
 /juan

Here is a quote from the official Debian Security announcement,
DSA-1571 http://www.debian.org/security/2008/dsa-1571.

This is a Debian-specific vulnerability which does not affect other
operating systems which are not based on Debian. However, other systems
can be indirectly affected if weak keys are imported into them.

-- 
Sean Malloy
www.spmalloy.com

Re: Debian libssl security (OpenSSH safe?)

[Marc Espie]

On Tue, May 13, 2008 at 11:14:59AM -0500, Sean Malloy wrote:
 On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote:
  I guess everyone by now has heard about the very serious libssl
  vulnerability on Debian/Ubuntu?
  
  Just making sure that the source is safe, thanks.
  
  /juan
 
 Here is a quote from the official Debian Security announcement,
 DSA-1571 http://www.debian.org/security/2008/dsa-1571.
 
 This is a Debian-specific vulnerability which does not affect other
 operating systems which are not based on Debian. However, other systems
 can be indirectly affected if weak keys are imported into them.

More details show that someone seriously fucked up in debian.

Trusting automated reporting tools like valgrind is fairly dangerous.

I'm saddened that people still don't learn.

`but this is a serious security warning. This MUST be fixed, valgrind canNOT
be wrong.'

duh... well, it can, like every tool out there that understands the
source only so far... better than some humans, granted, but hopefully
not better (yet) than the people who write serious software...

Re: Debian libssl security (OpenSSH safe?)

[Marc Espie]

On Tue, May 13, 2008 at 09:41:00PM +0400, B A wrote:
 Can't find relation between bug in openssl deb package and valgring.
 There is no such info in the original link as I see (DSA-1571-1).
 Cold you be more specific and informative?
 Thank you.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

Re: Debian libssl security (OpenSSH safe?)

[B A]

Yes. Not good idea to modify sources just for satisfying automatic testings 
tool.

Good lesson!



13.05.08, 21:53, Marc Espie [EMAIL PROTECTED]:



 On Tue, May 13, 2008 at 09:41:00PM +0400, B A wrote:

  Can't find relation between bug in openssl deb package and valgring.

  There is no such info in the original link as I see (DSA-1571-1).

  Cold you be more specific and informative?

  Thank you.

 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

Re: Debian libssl security (OpenSSH safe?)

[B A]

Can't find relation between bug in openssl deb package and valgring.

There is no such info in the original link as I see (DSA-1571-1).

Cold you be more specific and informative?

Thank you.



13.05.08, 21:00, Marc Espie [EMAIL PROTECTED]:



 More details show that someone seriously fucked up in debian.

 Trusting automated reporting tools like valgrind is fairly dangerous.

 I'm saddened that people still don't learn.

 `but this is a serious security warning. This MUST be fixed, valgrind canNOT

 be wrong.'

 duh... well, it can, like every tool out there that understands the

 source only so far... better than some humans, granted, but hopefully

 not better (yet) than the people who write serious software...

More details show that someone seriously fucked up in debian. [Was: Re: Debian libssl security (OpenSSH safe?)]

[chefren]

On 5/13/08 7:08 PM, Marc Espie wrote:


More details show that someone seriously fucked up in debian.


Well, this Kurt has seriously asked for details on the relevant 
openssl-dev list:


http://marc.info/?l=openssl-devm=114651085826293w=2


And see what arrogant as usual Ben Laurie states:

http://www.links.org/?p=327

they should contribute their patches upstream to the package 
maintainers. Had Debian done this in this case, we (the OpenSSL Team) 
would have fallen about laughing, and once we had got our breath back, 
told them what a terrible idea this was.



Kurt has clearly done so, and I know personally of another totally 
ignored patch from our company and I have heard in the past about 
OpenBSD people trying to send patches to OpenSSL maintainers to no avail.


The OpenSSL maintainers have proven not to read their mail, they aren't 
interested in cleaning up their big mess.



Laurie also states never fix a bug you dont understand and this 
OpenSSL hero seems to forget that something that seems smart and OK 
now and here can be plain bad and ugly when looked at with some more 
distance or knowledge.


His Adding uninitialised memory to it can do no harm and might do some 
good, which is why we do it. is pure arrogant and shortsighted shit to me.


+++chefren