Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Debian OpenSSL critical security bug
- Date: Mon, 19 May 2008 08:36:09 +0200
- From: Christian Horn <chorn@example.com>
- Subject: Re: [tlug] Debian OpenSSL critical security bug
- References: <4fefd6340805131436p641e9605k84954b75accb8e2e@mail.gmail.com> <d8fcc0800805131552g4d1d0324me48d16a82980af33@mail.gmail.com> <78d7dd350805182328u6986e426o6538a5f6cf1fcc74@mail.gmail.com>
- User-agent: Mutt/1.5.13 (2006-08-11)
On Mon, May 19, 2008 at 03:28:17PM +0900, Hung Nguyen Vu wrote: > > <quote> > On the Linux platform, the default maximum process ID is > 32,768, resulting in a very small number of seed values being used for > all PRNG operations. > </quote> > > [1] http://metasploit.com/users/hdm/tools/debian-openssl/ _really_ scary. Booted up a 3 month old debian-based grml livecd, generated rsa ssh-keypair, copied id_rsa.pud to authorized_keys . And after 90minutes of bruteforcing rsa-keys i could login from the outside. I know, nothing special, takes way more effort than the last solaris telnet-bug, but still scary. Christian
- Follow-Ups:
- Re: [tlug] Debian OpenSSL critical security bug
- From: Stephen J. Turnbull
- Re: [tlug] Debian OpenSSL critical security bug
- References:
- [tlug] Debian OpenSSL critical security bug
- From: Gernot Hassenpflug
- Re: [tlug] Debian OpenSSL critical security bug
- From: Josh Glover
- Re: [tlug] Debian OpenSSL critical security bug
- From: Hung Nguyen Vu
- [tlug] Debian OpenSSL critical security bug
- Prev by Date: Re: [tlug] Debian OpenSSL critical security bug
- Next by Date: Re: [tlug] OT: Beer
- Previous by thread: Re: [tlug] Debian OpenSSL critical security bug
- Next by thread: Re: [tlug] Debian OpenSSL critical security bug
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |