|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-612-7 ()|
|Summary:||Ubuntu USN-612-7 ()|
The remote host is missing an update to
announced via advisory USN-612-7.
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
USN-612-2 introduced protections for OpenSSH, related to the OpenSSL
vulnerabilities addressed by USN-612-1. This update provides the
corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL
in Ubuntu 6.06 is not vulnerable, this update will block weak keys
generated on systems that may have been affected themselves.
Original advisory details:
A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH, OpenVPN
and SSL certificates.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
In general, a standard system upgrade is sufficient to effect the
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2008-0166|
Bugtraq: 20080515 Debian generated SSH-Keys working exploit (Google Search)
Debian Security Information: DSA-1571 (Google Search)
Debian Security Information: DSA-1576 (Google Search)
Cert/CC Advisory: TA08-137A
CERT/CC vulnerability note: VU#925211
BugTraq ID: 29179
XForce ISS Database: openssl-rng-weak-security(42375)
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.