A severe vulnerability was found in the random number generator (RNG) of the Debian OpenSSL package, starting with version 0.9.8c-1 (and similar packages in derived distributions such as Ubuntu). While this bug is not present in the OpenSSL packages provided by CentOS, it may still affect CentOS users.
The bug prevented the OpenSSL random number generator from gathering the entropy required to generate unpredictable keys. In fact, it appears that the only source of entropy was the process ID of the process generating a key, which is chosen from a very small range and is predictable. As such, all keys generated using the Debian OpenSSL library should be considered compromised. Programs that use OpenSSL include OpenSSH and OpenVPN. Note that GnuPG and GNU TLS do not use OpenSSL, so they are not affected.
This vulnerability can affect CentOS machines through the use of keys that were generated with the OpenSSL package from Debian. For instance, if a user uses OpenSSH public key authentication to log on to a CentOS server, and this user generated the key pair with a vulnerable OpenSSL library, the server is at serious risk because the key can be reproduced easily.
Additionally, all (good) DSA keys that were ever used on a vulnerable Debian machine for signing or authentication should also be considered compromised due to a known attack on DSA keys.
As a result of this bug, everyone should audit *every* key or certificate that was generated with OpenSSL, to trace its origin and make sure that it was not generated with a vulnerable Debian OpenSSL package. In the case of DSA keys, care should be taken that they were neither generated nor used on a system with a vulnerable OpenSSL package. Keys that are potentially compromised should be replaced with strong keys.
The Debian Wiki[2] has a preliminary list of affected applications. A tool to detect potentially weak keys is also provided, but it contains an incomplete list of affected keys and can give false positives.
The Metasploit project provides a full list of weak keys in various configurations[3].
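The audit described above can be scripted for OpenSSH authorized_keys files. The following is an added example, not part of the original announcement and not the Debian tool: it assumes the weak-key list has already been converted to a set of full hex MD5 fingerprints (an assumed format), and all keys and fingerprints in it are constructed placeholders.

```python
import base64
import hashlib
import re
import struct

KEY_RE = re.compile(r"(?:^|\s)(ssh-rsa|ssh-dss)\s+([A-Za-z0-9+/]+={0,2})(?:\s|$)")

def md5_fingerprint(blob):
    return hashlib.md5(blob).hexdigest()  # legacy OpenSSH fingerprint, no colons

def audit_authorized_keys(text, weak_fingerprints):
    """Return (line number, status, fingerprint) for every key line in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = KEY_RE.search(line)  # tolerates a leading options field
        try:
            key_type, b64 = match.groups()
            blob = base64.b64decode(b64, validate=True)
            (length,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + length].decode("ascii") != key_type:
                raise ValueError("declared and embedded key types differ")
        except (AttributeError, ValueError, struct.error):
            findings.append((lineno, "unparsed", None))  # review by hand
            continue
        fingerprint = md5_fingerprint(blob)
        if fingerprint in weak_fingerprints:
            status = "weak"        # on the list of keys from the broken RNG
        elif key_type == "ssh-dss":
            status = "dsa-review"  # compromised if ever used on a vulnerable host
        else:
            status = "ok"          # not listed; its origin should still be traced
        findings.append((lineno, status, fingerprint))
    return findings

def constructed_line(key_type, payload, comment):
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + payload
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample input: none of these are real keys or real list entries.
SAMPLE = "\n".join([
    'from="10.0.0.5" ' + constructed_line("ssh-rsa", b"\x01" * 32, "alice@debian-box"),
    constructed_line("ssh-rsa", b"\x02" * 32, "bob@centos-box"),
    constructed_line("ssh-dss", b"\x03" * 32, "carol@laptop"),
    "ssh-rsa not*base64 broken@entry",
])
WEAK = {md5_fingerprint(base64.b64decode(SAMPLE.splitlines()[0].split()[2]))}
```

A status of "ok" only means the key is absent from the supplied list; since the lists can be incomplete, the key's origin still has to be traced.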
Questions on how this may affect CentOS users should be directed to the CentOS users list. List subscription information is available from:
http://lists.centos.org/mailman/listinfo/centos
With kind regards, The CentOS Team
[1] http://www.debian.org/security/2008/dsa-1571
[2] http://wiki.debian.org/SSLkeys
[3] http://metasploit.com/users/hdm/tools/debian-openssl/