[Uaflug] Debian SSH Advisory...
Orion Sky Lawlor
ffosl at uaf.edu
Tue May 13 14:29:06 AKDT 2008
Debian screwed up the openSSH key generation algorithm in 2007,
so SSH keys generated with Ubuntu 7.04, 7.10, and 8.04 are weak,
coming from a small set of known "blacklisted" keys that are fairly
easy to bruteforce.
They realized the bug 2008-05-13:
http://article.gmane.org/gmane.linux.debian.security.announce/1614
http://www.ubuntu.com/usn/usn-612-2
Debian/Ubuntu users, upgrade your packages! The new package
"ssh-vulnkey" will look for weak "blacklisted" keys on your machine.
I'm a big Ubuntu fan, and I found a few bad keys on my machines!
--
-Orion Sky Lawlor
http://lawlor.cs.uaf.edu/~olawlor/ ffosl at uaf.edu
---------- Forwarded message ----------
Date: Tue, 13 May 2008 12:45:17 -0500
From: Isaac Dooley <isaac at isaacdooley.com>
To: David Kunzman <kunzman2 at uiuc.edu>
Cc: Parallel Programming Lab <ppl at cs.uiuc.edu>
Subject: Re: SSH Advisory...
Here is the ubuntu advisory:
http://www.ubuntu.com/usn/usn-612-2
Isaac
More information about the uaflug
mailing list