Well-known security researcher H. D. Moore, creator of the Metasploit Project, has posted his findings on the recently discovered Debian-packaged OpenSSL bug. Moore documents the cause of the bug and explains how easily attackers can create every possible key the flawed OpenSSL implementation can generate.
According to Moore, "All SSL and SSH keys generated on Debian-based systems (Ubuntu, Kubuntu, etc) between September 2006 and May 13th, 2008 may be affected." He also provides information and links to tools which can be used to regenerate those keys.
Moore explains that the impact of this flaw is huge, and goes beyond the Debian/Ubuntu user communities:
"In the case of SSL keys, all generated certificates will need to be recreated and sent off to the Certificate Authority to sign. Any Certificate Authority keys generated on a Debian-based system will need to be regenerated and revoked. All system administrators that allow users to access their servers with SSH and public key authentication need to audit those keys to see if any of them were created on a vulnerable system. Any tools that relied on OpenSSL's PRNG to secure the data they transferred may be vulnerable to an offline attack. Any SSH server that uses a host key generated by a flawed system is subject to traffic decryption and a man-in-the-middle attack would be invisible to the users. This flaw is ugly because even systems that do not use the Debian software need to be audited in case any key is being used that was created on a Debian system. The Debian and Ubuntu projects have released a set of tools for identifying vulnerable keys. You can find these listed in the references section below."
Debian and derivative distribution users can use the apt-get upgrade command to replace vulnerable keys on their systems, and Ubuntu users applying the security patches which appeared yesterday will have their weak keys replaced automatically, but as Moore points out, that doesn't solve the problems caused by weak keys being used to sign certificates or copied to other servers.
The bottom line is that if you are a Debian or Ubuntu user, you need to apply the OpenSSH/OpenSSL patches immediately and ensure that your weak keys are replaced. If you are an admin on other platforms, you need to scan for and replace any weak keys which may have arrived on your system from a site generating weak keys.
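For admins who need to audit user keys as described above, here is an added example (not Moore's code and not the Debian or Ubuntu tools) that checks each key in an authorized_keys file against a blacklist of weak-key fingerprints. It assumes the blacklist holds MD5 fingerprints with the first 12 hex characters removed, as in the Debian openssh-blacklist files; the keys, the blacklist entry and all function names are constructed for illustration.

```python
import base64, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA, the SSH key types of that era

def fingerprint(blob_b64: str) -> str:
    """Hex MD5 of the decoded public-key blob (classic SSH fingerprint, no colons)."""
    return hashlib.md5(base64.b64decode(blob_b64, validate=True)).hexdigest()

def parse_authorized_keys(text: str):
    """Yield (line_no, key_type, blob, comment); tolerates a leading options field."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:
                yield no, field, fields[i + 1], " ".join(fields[i + 2:])
                break

def audit(text: str, blacklist: set) -> list:
    """Return (line_no, comment, fingerprint) for each key whose fingerprint tail is listed."""
    hits = []
    for no, _type, blob, comment in parse_authorized_keys(text):
        try:
            fp = fingerprint(blob)
        except ValueError:          # malformed base64: skip it, keep auditing
            continue
        if fp[12:] in blacklist:    # assumed format: fingerprint minus first 12 hex chars
            hits.append((no, comment, fp))
    return hits

def fake_key(seed: bytes) -> str:
    """Constructed stand-in for a public-key blob; NOT a real or weak key."""
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + seed * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(blob).decode()

# Constructed sample data: two fake keys, one of which is put on a fake blacklist.
WEAK, GOOD = fake_key(b"\xaa"), fake_key(b"\xbb")
SAMPLE = f"""# constructed authorized_keys
ssh-rsa {GOOD} alice@laptop
command="/usr/bin/rsync",no-pty ssh-rsa {WEAK} backup@debian-box
ssh-rsa not*base64 broken@entry
"""
BLACKLIST = {fingerprint(WEAK)[12:]}

if __name__ == "__main__":
    for no, comment, fp in audit(SAMPLE, BLACKLIST):
        print(f"line {no}: {comment} has blacklisted fingerprint {fp}")
```

In a real audit the blacklist set would be loaded from the distribution's blacklist files for each key type and size, and every flagged key would be removed and regenerated on a patched system.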