quaker
May 15th, 2008, 02:02 PM
Hi John,
I wanted to give you a heads up on a recent Debian OpenSSL vulnerability (http://metasploit.com/users/hdm/tools/debian-openssl/) since you're using Debian on the new servers. The bug is relatively recent, so I'm not sure if your installation is already patched or not.
Basically, all OpenSSL keys generated on a Debian-based system for the last two years are predictably random and thus vulnerable to attack. The site I linked has info on blacklisted keys and patches for the problem.
Hopefully you aren't affected, but if so it should be relatively painless to fix.
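
An added example, not part of the original post: one way to audit an `authorized_keys` file against a list of known-weak key fingerprints, such as the blacklists the post mentions. It assumes SSH public keys and a blacklist of full colon-separated MD5 fingerprints; the function names are hypothetical, and the sample keys and blacklist are constructed.

```python
import base64
import binascii
import hashlib
import struct

def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint of a decoded SSH public key blob."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def extract_key_blob(line):
    """Return the decoded key blob from an authorized_keys/.pub line, or None."""
    fields = line.split()
    # Options may precede the key type, so scan for "<type> <base64>" pairs.
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        # A real blob starts with its own length-prefixed key type string.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == key_type.encode():
            return blob
    return None

def audit_keys(lines, blacklist):
    """Return (line_number, fingerprint) for every key found in the blacklist."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        blob = extract_key_blob(line)
        if blob is not None and md5_fingerprint(blob) in blacklist:
            hits.append((number, md5_fingerprint(blob)))
    return hits

def _constructed_line(fill, comment, options=""):
    """Build a syntactically valid ssh-rsa line from filler bytes (not a real key)."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes([fill]) * 128]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{options}ssh-rsa {base64.b64encode(blob).decode()} {comment}"

SAMPLE = ["# constructed sample, not real keys",
          _constructed_line(0xA5, "old@debian-box"),
          _constructed_line(0x5A, "new@rekeyed", options='no-pty,command="/bin/true" ')]
# Constructed blacklist; in practice this set is loaded from a published list.
BLACKLIST = {md5_fingerprint(extract_key_blob(SAMPLE[1]))}
```

Any line that `audit_keys` reports should be removed from the file and the owner asked to generate a replacement key on a patched system.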