Debian OpenSSL
Revision as of 10:22, 16 May 2008 by <bdi>PhilippeTeuwen</bdi> (talk | contribs)
This is a compilation of my notes on this matter
Links
- http://www.debian.org/security/2008/dsa-1576
- http://metasploit.com/users/hdm/tools/debian-openssl/
- http://www.milw0rm.com/exploits/5622
- http://www.yobi.be/files/blacklist.RSA-1024 32-bit Intel platform
misc
OpenSSH
Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client
This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe
OpenSSL
wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz cd openssl-blacklist-0.1 Edit debian/control and cleans the dependence on openssl for Ubuntu fakeroot debian/rules binary cd .. sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb
Now you have openssl-vulnkey tool
OpenVPN
It's not about the SSL keys, those can be checked with openssl-vulnkey.
It's about the shared static keys (openvpn -genkey)
wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz cd openvpn-blacklist-0.1 fakeroot debian/rules binary cd .. sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb
Now you have openvpn-vulnkey tool