
[all variants] OpenSSH vulnerability



jure1873
May 14th, 2008, 01:49 PM
I just found out about the bug in the openssl library for generating ssh keys (http://www.ubuntu.com/usn/usn-612-2) and I was wondering if there is a way to test a PEM certificate. The dowkd and ssh-vulnkey tools just test ssh server keys, but I also want to check Apache and Postfix keys.
I saw some kind of patch on a Debian webpage for dowkd but I don't know how to use it.

SpaceTeddy
May 14th, 2008, 02:20 PM
In Ubuntu, the openssl-vulnkey command was supplied to check this.
Just do the updates and it will automatically appear in your system.
You can check your keys with that.



And yes, I've been at this all day fixing keys and certs - it majorly sucks... big time :(

vpsville
May 14th, 2008, 08:21 PM
Yes, it's a nasty one. It's taking up my whole day.

SpaceTeddy
May 14th, 2008, 08:24 PM
Tell me about it.

btw - does anyone know how I am going to reissue 100+ certificates for OpenVPN that are scattered around the globe?
I guess I was lucky that the CA was old enough to NOT be affected by this...

jure1873
May 15th, 2008, 07:03 PM
Ok, I checked everything and the certificates are not blacklisted; the ones that were, were regenerated.
EDIT:
I have created a CSR and just found out on the Debian wiki that I need to get it signed again even if they are not blacklisted...