- To: slug@xxxxxxxxxxx
- Subject: [SLUG] Debian SSH vulnerability: act now!
- From: Peter Chubb <peterc@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 16 May 2008 09:24:00 +1000
- Organization: Gelato@UNSW
- User-agent: Wanderlust/2.15.6 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (Gojō) APEL/10.7 MULE XEmacs/21.4 (patch 21) (Educational Television) (i486-linux-gnu)
Just in case anyone missed it, there's been a major vulnerability for
any SSH keys generated on a Debian system over the last two years or
so ... apparently the random number generator wasn't being seeded
right, so only a few distinct keys were actually generated.

The AARNET mirror doesn't have the updated packages as of this
morning, but the Optusnet mirror does ... I suggest that

-- you install the new openssh-client package (version 1:4.7p1-9 on unstable)
-- run ssh-vulnkey -a as root to find any vulnerable keys, and get
   your users to fix them.

--
Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au ERTOS within National ICT Australia
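
The idea behind a sweep like the `ssh-vulnkey -a` run suggested above, as an added example that is not part of the original post and is not the tool's own code: fingerprint every key in an authorized_keys file and compare it with a list of known-weak fingerprints. The function names, the sample file and the blocklist are constructed for illustration, and the blocklist is assumed to hold full MD5 fingerprints.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types handled by this sketch

def md5_fingerprint(blob):
    """Legacy OpenSSH fingerprint: MD5 of the decoded key blob, colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def parse_keys(text):
    """Yield (line number, fingerprint, comment) for each usable key line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so locate the type field first.
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except ValueError:
                    break  # damaged line: not a usable key
                yield lineno, md5_fingerprint(blob), " ".join(fields[i + 2:])
                break

def find_weak(text, blocklist):
    """Return (line number, comment) for every key whose fingerprint is listed."""
    return [(n, c) for n, fp, c in parse_keys(text) if fp in blocklist]

def sample_key(label):
    # Constructed stand-in for a base64 key blob; not a real public key.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + label).decode()

# Constructed sample file and constructed blocklist (assumption: full MD5 fingerprints).
SAMPLE = "\n".join([
    "# constructed authorized_keys sample",
    "ssh-rsa " + sample_key(b"weak-key") + " alice@oldbox",
    'from="10.0.0.*" ssh-rsa ' + sample_key(b"good-key") + " bob@newbox",
    "ssh-rsa not*base64 carol@broken",
])
BLOCKLIST = {md5_fingerprint(base64.b64decode(sample_key(b"weak-key")))}

if __name__ == "__main__":
    for lineno, comment in find_weak(SAMPLE, BLOCKLIST):
        print(f"line {lineno}: {comment} is on the blocklist, replace it")
```

The parser splits on whitespace, so an option value that itself contains a key-type word would need a proper option parser.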