Difference between revisions of "Debian OpenSSL"
Jump to navigation
Jump to search
m (New page: This is a compilation of my notes on this matter ===Links=== * http://metasploit.com/users/hdm/tools/debian-openssl/ * http://www.debian.org/security/2008/dsa-1576 * http://www.yobi.be/fi...) |
m |
||
| Line 1: | Line 1: | ||
This is a compilation of my notes on this matter |
This is a compilation of my notes on this matter |
||
===Links=== |
===Links=== |
||
| ⚫ | |||
* http://www.debian.org/security/2008/dsa-1576 |
* http://www.debian.org/security/2008/dsa-1576 |
||
| ⚫ | |||
| − | |||
| − | * http://www. |
+ | * http://www.milw0rm.com/exploits/5622 |
| + | * http://www.yobi.be/files/blacklist.RSA-1024 32-bit Intel platform |
||
===misc=== |
===misc=== |
||
* http://www.nabble.com/blacklist.RSA-1024-missing--td17258799.html |
* http://www.nabble.com/blacklist.RSA-1024-missing--td17258799.html |
||
| + | |||
| + | ===OpenSSH=== |
||
| + | Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client |
||
| + | <br>This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe |
||
| + | ===OpenSSL=== |
||
| + | wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz |
||
| + | tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz |
||
| + | cd openssl-blacklist-0.1 |
||
| + | Edit debian/control and cleans the dependence on openssl for Ubuntu |
||
| + | fakeroot debian/rules binary |
||
| + | cd .. |
||
| + | sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb |
||
| + | Now you have openssl-vulnkey tool |
||
| + | ===OpenVPN=== |
||
| + | It's not about the SSL keys, those can be checked with openssl-vulnkey. |
||
| + | <br>It's about the shared static keys (openvpn -genkey) |
||
| + | wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz |
||
| + | tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz |
||
| + | cd openvpn-blacklist-0.1 |
||
| + | fakeroot debian/rules binary |
||
| + | cd .. |
||
| + | sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb |
||
| + | Now you have openvpn-vulnkey tool |
||
Revision as of 11:22, 16 May 2008
This is a compilation of my notes on this matter
Links
- http://www.debian.org/security/2008/dsa-1576
- http://metasploit.com/users/hdm/tools/debian-openssl/
- http://www.milw0rm.com/exploits/5622
- http://www.yobi.be/files/blacklist.RSA-1024 32-bit Intel platform
misc
OpenSSH
Etch version gives you openssh-blacklist package and ssh-vulnkey in openssh-client
This Etch version has a sshd which checks all client connections against the blacklist so even if the keys are still in authorized_keys you should be safe
OpenSSL
wget https://launchpad.net/ubuntu/hardy/+source/openssl-blacklist/0.1-0ubuntu0.8.04.2/+files/openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz tar xzf openssl-blacklist_0.1-0ubuntu0.8.04.2.tar.gz cd openssl-blacklist-0.1 Edit debian/control and cleans the dependence on openssl for Ubuntu fakeroot debian/rules binary cd .. sudo dpkg -i openssl-blacklist_0.1-0ubuntu0.8.04.2_all.deb
Now you have openssl-vulnkey tool
OpenVPN
It's not about the SSL keys, those can be checked with openssl-vulnkey.
It's about the shared static keys (openvpn -genkey)
wget https://launchpad.net/ubuntu/hardy/+source/openvpn-blacklist/0.1-0ubuntu0.8.04.1/+files/openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz tar xzf openvpn-blacklist_0.1-0ubuntu0.8.04.1.tar.gz cd openvpn-blacklist-0.1 fakeroot debian/rules binary cd .. sudo dpkg -i openvpn-blacklist_0.1-0ubuntu0.8.04.1_all.deb
Now you have openvpn-vulnkey tool