Debian: A niche OS with a not-so-niche security flaw


Michael Cobb, Contributor
09.03.2008


In May of 2008, researchers found a flaw in the Debian GNU/Linux operating system's random number generator, making any OpenSSL keys generated during the past 20 months so predictable that they could be correctly guessed in a matter of hours. In this tip, let's look at how this flaw came about and whether it has security implications for organisations other than those that use Debian.

Debian GNU/Linux, a particular distribution of the Linux operating system, is the result of a volunteer effort to create a free Unix-compatible operating system complete with a suite of applications. Like any operating system, it provides services to application programs that run on it. To provide cryptographic services such as Secure Sockets Layer (SSL), the OS uses the open source OpenSSL cryptography library.

Many encryption algorithms require a random value to seed or start the generation of a key. The problem with computers, however, is that they are not good at generating non-deterministic, high-quality random values. That's why you are often asked to move your mouse or type randomly on your keyboard when generating a digital certificate, as it provides some random values that the computer can use to initiate encryption. Failing to correctly generate truly random values for keys has caused a number of problems, including vulnerabilities in Kerberos, the X Window System, and the Network File System protocol.

Back in 2006, a developer working on the Debian project kept receiving compiler warnings of possible memory leaks in the OpenSSL package because of uninitialised memory, use of which is shunned as a bad development practice. Debian consulted the OpenSSL team but for unclear reasons it decided to go ahead with its own fix before the issue had been broadly assessed.

Unfortunately, as Debian researcher Luciano Bello discovered, instead of removing the specific procedure calls to the uninitialised memory areas, Debian's changes prevented any random data from being used during key generation. Therefore the Debian OpenSSL was only using a finite number of possible Linux process IDs to generate SSH and SSL/TLS keys, making them predictable. In fact, an attacker could figure them out by using a simple brute-force attack, potentially compromising encryption keys and the data they protected.

A fix was released in May of this year, but what are the effects of this security flaw? Although it only directly affects Debian and other Debian-based distributions, such as Ubuntu, other systems can be indirectly affected if vulnerable keys generated by these systems have been imported into them. Affected keys include DSA, SSH, OpenVPN, DNSSEC, and those used in X.509 digital certificates and session keys used in SSL/TLS connections.

So, for example, any Digital Signature Algorithm (DSA) keys generated by an affected Debian system and used for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a random value used during signature generation.

The aspect of this vulnerability that concerns me most is that those affected need to do more than just apply a patch: After updating the software, new keys must be generated. Organisations that rely on Debian-based distributions with OpenSSL to generate a certificate signing request (CSR) and private keys for SSL certificates will also have to regenerate their private keys and request certificate reissues. But without patching, security managers run the risk of leaving encryption and authentication vulnerable to hackers -- and yes, there are already scripts available online that allow brute forcing of vulnerable SSH keys.

Although no sites or communication channels have been reported compromised, and no real-world attacks have occurred as of yet, any site using these weak certificates is vulnerable to attackers seeking to impersonate a site or compromise the confidentiality of its communication channels. If there is any question about the integrity of keys, organisations should regenerate all cryptographic keys generated on Debian systems since September 2006 and revoke all certificates issued using those keys.
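
The predictability described above, and the key audit it calls for, shown as an added example that is not part of the original tip or of Debian's or OpenSSL's code. It is a toy model: `toy_keygen`, the host names and the fingerprint format are assumptions, and the only real-world value is the default Linux `pid_max` of 32768.

```python
import hashlib
import os

PID_MAX = 32768  # default Linux pid_max: PIDs run from 1 to 32767


def toy_keygen(pid):
    """Toy stand-in for flawed key generation: the PID is the only seed."""
    return hashlib.sha256(b"toy-key:" + str(pid).encode()).digest()


def sound_keygen():
    """Key material drawn from the operating system's CSPRNG."""
    return os.urandom(32)


def fingerprint(key):
    """Short identifier for a key, as an inventory or blocklist would store."""
    return hashlib.sha256(key).hexdigest()[:32]


def build_blocklist():
    """Fingerprint every key the flawed generator can ever produce."""
    return frozenset(fingerprint(toy_keygen(pid)) for pid in range(1, PID_MAX))


def audit(inventory, blocklist):
    """Return the names of inventory entries whose key must be replaced."""
    return sorted(n for n, k in inventory.items() if fingerprint(k) in blocklist)


BLOCKLIST = build_blocklist()

# Constructed inventory (hypothetical host names, not real data).
INVENTORY = {
    "web01": toy_keygen(4242),              # generated on a flawed host
    "vpn-gw": toy_keygen(4242),             # different host, same PID, same key
    "imported-elsewhere": toy_keygen(911),  # weak key copied to another OS
    "db01": sound_keygen(),                 # generated with a working RNG
}

if __name__ == "__main__":
    print("distinct keys possible:", len(BLOCKLIST))
    print("regenerate and revoke:", audit(INVENTORY, BLOCKLIST))
```

Because the whole key space can be enumerated, the audit is a set lookup; the same property is what makes every flagged key unsafe to keep, whichever system it now lives on.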

While this vulnerability was dealt with quickly once it was discovered, the way in which it was created has no doubt sullied the reputation of open source software somewhat. Does it suggest deeper security issues for Linux? I don't think so. But what it does do is highlight the need for close dialog between developers within the open source community. Better communication can help to ensure the integrity of critical and widely used modules.

About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.
