Test ID:	1.3.6.1.4.1.25623.1.0.61055
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-612-7 ()
Summary:	Ubuntu USN-612-7 ()
Description:	The remote host is missing an update to announced via advisory USN-612-7. A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. Details follow: USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. Original advisory details: A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openssh-server 1:4.2p1-7ubuntu3.4 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-612-7 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0166 Bugtraq: 20080515 Debian generated SSH-Keys working exploit (Google Search) http://www.securityfocus.com/archive/1/archive/1/492112/100/0/threaded http://www.milw0rm.com/exploits/5622 http://www.milw0rm.com/exploits/5632 http://www.milw0rm.com/exploits/5720 http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel http://metasploit.com/users/hdm/tools/debian-openssl/ Debian Security Information: DSA-1571 (Google Search) http://www.debian.org/security/2008/dsa-1571 Debian Security Information: DSA-1576 (Google Search) http://www.debian.org/security/2008/dsa-1576 http://www.ubuntu.com/usn/usn-612-1 http://www.ubuntu.com/usn/usn-612-2 http://www.ubuntu.com/usn/usn-612-3 http://www.ubuntu.com/usn/usn-612-4 http://www.ubuntu.com/usn/usn-612-7 Cert/CC Advisory: TA08-137A http://www.us-cert.gov/cas/techalerts/TA08-137A.html CERT/CC vulnerability note: VU#925211 http://www.kb.cert.org/vuls/id/925211 BugTraq ID: 29179 http://www.securityfocus.com/bid/29179 http://www.securitytracker.com/id?1020017 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 http://secunia.com/advisories/30136 XForce ISS Database: openssl-rng-weak-security(42375) http://xforce.iss.net/xforce/xfdb/42375
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: