[wplug] OpenSSL security vulnerability
Patrick Wagstrom
patrick at wagstrom.net
Fri May 16 04:07:12 EDT 2008
Vance Kochenderfer wrote:
> Christopher DeMarco <demarco at maya.com> wrote:
>> The horse's mouth, as it were...
>> http://www.debian.org/security/2008/dsa-1576
>
> See also <http://www.debian.org/security/2008/dsa-1571> which
> includes a link to a tool to tell whether you have weak keys.
The updates that just came out for Ubuntu address most of these issues. In
addition to forcing you to regenerate server keys, they now have the
ssh-vulnkey command which will tell you if your keys are vulnerable.
Unfortunately, it only has information for DSA 1024 bit keys and RSA 2048
bit keys. If you use 4096 bit keys, then there is no information.
According to today's XKCD (at least the mouseover) some openssh
installations will reject logins with b0rked keys.
--Patrick
More information about the wplug
mailing list