Mailing List Archive



Re: [tlug] Debian OpenSSL critical security bug



On Mon, May 19, 2008 at 03:28:17PM +0900, Hung Nguyen Vu wrote:
> 
> <quote>
> On the Linux platform, the default maximum process ID is
> 32,768, resulting in a very small number of seed values being used for
> all PRNG operations.
> </quote>
> 
> [1] http://metasploit.com/users/hdm/tools/debian-openssl/

_really_ scary.
Booted up a 3-month-old Debian-based grml livecd, generated an rsa ssh-keypair,
copied id_rsa.pub to authorized_keys.
And after 90 minutes of bruteforcing rsa-keys I could log in from the outside.

I know, nothing special, takes way more effort than the last Solaris
telnet-bug, but still scary.

Christian
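
The small seed space quoted above also means every affected key can be enumerated in advance and rejected. The following is an added example, not part of the original message: it builds a blocklist with one entry per possible PID and audits constructed authorized_keys lines against it. `toy_weak_blob` is a hypothetical stand-in for a PID-seeded key generator and is not OpenSSL's algorithm; the sample lines and comments are constructed.

```python
import base64
import hashlib
import os

MAX_PID = 32768                      # default Linux maximum process ID (quoted above)
KEY_TYPES = {"ssh-rsa", "ssh-dss"}

def toy_weak_blob(pid: int) -> bytes:
    """Hypothetical key blob whose only entropy is the PID (not OpenSSL's algorithm)."""
    return hashlib.sha256(b"toy-weak-key:%d" % pid).digest()

def fingerprint(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def build_blocklist() -> frozenset:
    """One fingerprint per possible seed: the whole weak key space fits in memory."""
    return frozenset(fingerprint(toy_weak_blob(p)) for p in range(1, MAX_PID + 1))

def key_blob(line: str):
    """Decode the key blob of an authorized_keys line; options may precede the type."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                return base64.b64decode(fields[i + 1], validate=True)
            except ValueError:       # malformed base64: not a usable key
                return None
    return None

def audit(lines, blocklist):
    """Return (line number, key comment) for every entry whose key is blocklisted."""
    hits = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        blob = key_blob(line)
        if blob is not None and fingerprint(blob) in blocklist:
            hits.append((n, line.split()[-1]))
    return hits

def entry(blob: bytes, comment: str) -> str:
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

SAMPLE = [                           # constructed authorized_keys content
    "# constructed sample",
    entry(toy_weak_blob(4242), "livecd-user@grml"),
    'from="10.0.0.*" ' + entry(os.urandom(32), "admin@laptop"),
]
BLOCKLIST = build_blocklist()

if __name__ == "__main__":
    for n, who in audit(SAMPLE, BLOCKLIST):
        print("line %d: key for %s is blocklisted; remove it and regenerate" % (n, who))
```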

