## 20160522 AK
----
 [[DebianVulnerabilityHandling/CZ|Česky]] | '''english'''
----

= Openssl Vulnerability: Debian, Related Distributions and Everyone (CVE-2008-0166) =

If CAcert clients have used ''openssl'' on a vulnerable platform to generate their private key, and this private key was used to generate a CSR from which CAcert has issued a certificate, the following vulnerabilities apply:

|| '''Vulnerable key is used''' || '''Consequence''' ||
|| in a server e.g. http(s) smtp(tls) || passively intercepted network traffic from the server can be decrypted ||
|| || in combination with a traffic redirection, like DNS spoofing or routing, a man-in-the-middle attack is possible ||
|| as a client certificate for authentication || passively intercepted network traffic from the client can be decrypted ||
|| || in combination with a traffic redirection, like DNS spoofing or routing, a man-in-the-middle attack is possible ||
|| || If a client public certificate is available, e.g. S/MIME certs, then an attacker can recover your private key and obtain access to client certificate authenticated services. ||
|| S/MIME encryption || can be decrypted without the private key ||
|| S/MIME signatures || signatures can be forged for arbitrary documents ||

If you have one of these keys, follow the certificate generation instructions to regenerate a key for your application ([[http://www.debian.org/security/key-rollover/|Debian Key-roller application guide]] or [[http://wiki.debian.org/SSLkeys|Debian Wiki SSLkeys]] as a guide). Once you have been issued with a new certificate, and it is operational, revoke your old certificate.

== Is the key for my X509 affected? ==

At the moment there is no automated self-contained tool to determine if your key is vulnerable. Please submit your certificate to our HashServer (under development). Depending on your risk profile, you may want to generate a new key if you suspect the old one was generated on a vulnerable platform, to avert even the potential risk.

== For System administrators with vulnerable keys: ==

If you have used a Linux distribution derived from Debian (those that use ''apt'' as a package manager), then check the security announcement of your distribution for advice (for example [[http://www.debian.org/security/2008/dsa-1571|DSA-1571]], [[http://www.ubuntu.com/usn/usn-612-1|USN-612-1]]). Refer to your distribution security advice for the latest packages. Use a non-vulnerable version of [[http://www.openssl.org|Openssl]] (or another product) to regenerate certificates and revoke any certificates associated with vulnerable keys.

== For System Administrators not using vulnerable keys: ==

Keep in mind that if you have kept keys from a previously installed vulnerable distribution then your keys are vulnerable.

If you are performing client verification using certificates derived from vulnerable keys you may be susceptible to remote unauthorized access. One action you may wish to take is to deploy a mechanism to mitigate brute force attempts, like [[http://www.fail2ban.org|fail2ban]]. Server applications that support OCSP should enable this feature to prevent unauthorised access in the case where a user has revoked their certificate.

== For users that generated vulnerable keys: ==

For X.509, regenerate your private key, redo a [[http://www.cacert.org/help.php?id=4|Certificate Signing Request (CSR)]], get a [[http://www.cacert.org/help.php?id=6|new certificate]], install it into any active services, and revoke previous certificates. Do not use the "renew" feature of CAcert or of an application, since this only renews the certificate, but not the key!

== For all users: ==

As there are a number of man-in-the-middle attacks against services that have certificates, we recommend you enable OCSP in your web browser ([[http://support.mozilla.com/en-US/kb/Options+window#Certificates|Firefox]], [[http://pkif.sourceforge.net/pkifocsp.html|IE6 + XP]]) and other X509 based client applications.

== How CAcert is helping you: ==

The impact of non-random keys is significant. As all Certificate Authorities have significant holdings of public keys, CAs are in a position to determine if a number of users have identical public keys. CAcert has developed [[http://hashserver.cacert.org]] as a public service to all users and CAs so that non-random keys can be detected earlier. CAcert will be scanning all issued certificates to identify weak keys and advising users if they have keys identical to another user.

==== See also ... ====

 * [[HashServer]]
 * [[DebianVulnerabilityHandling]] (this page)
 * [[SystemAdministration/Systems]]
 * [[OtherTasks]]
 * [[http://blog.cacert.org/2008/05/302.html]]

----
 . CategorySystems
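
The identical-key check described under "How CAcert is helping you" can be sketched as follows. This is an added example, not CAcert's or HashServer's own code: the record layout, the account names, the shortened moduli and the choice of SHA-256 over the canonical modulus are all assumptions made for illustration. The input lines use the `Modulus=HEX` form printed by `openssl x509 -noout -modulus`.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (account, certificate serial, modulus line).
# The moduli are shortened placeholders, not real RSA keys.
ISSUED = [
    ("alice", "0A01", "Modulus=C3A1F09B7D22E4515F\n"),
    ("alice", "0A7F", "Modulus=C3A1F09B7D22E4515F\n"),  # renewal, same key
    ("bob",   "0B12", "modulus=00c3a1f09b7d22e4515f"),  # same key, other spelling
    ("carol", "0C33", "Modulus=9E44D1B07A6C18F3A5\n"),
    ("dave",  "0D09", "unable to load certificate"),    # unparsable input
]

def key_fingerprint(modulus_line):
    """SHA-256 hex of the canonical modulus, or None if the line is unusable."""
    name, sep, value = modulus_line.strip().partition("=")
    if not sep or name.lower() != "modulus":
        return None
    try:
        n = int(value, 16)
    except ValueError:
        return None
    if n <= 0:
        return None
    # Canonical form: uppercase hex without leading zeros, so the same key
    # always hashes to the same value however it was printed.
    return hashlib.sha256(("%X" % n).encode("ascii")).hexdigest()

def find_shared_keys(records):
    """Return ({fingerprint: accounts} for keys held by 2+ accounts, rejected serials)."""
    holders = defaultdict(set)
    rejected = []
    for account, serial, line in records:
        fp = key_fingerprint(line)
        if fp is None:
            rejected.append(serial)  # report rather than silently skip
        else:
            holders[fp].add(account)
    # One account reusing its own key across renewals is not a cross-user
    # collision; only keys that appear under different accounts are flagged.
    shared = {fp: sorted(acc) for fp, acc in holders.items() if len(acc) > 1}
    return shared, rejected

if __name__ == "__main__":
    shared, rejected = find_shared_keys(ISSUED)
    for fp, accounts in shared.items():
        print("key %s... shared by %s" % (fp[:16], ", ".join(accounts)))
    print("could not parse:", rejected)
```

Because only hashes are compared, an index of this kind can be queried without the submitter handing over anything beyond what is already in the public certificate.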