USN-612-1: OpenSSL vulnerability Post: 302194631

Sponsored Content

Special Forums Cybersecurity Security Advisories (RSS) USN-612-1: OpenSSL vulnerability Post 302194631 by Linux Bot on Tuesday 13th of May 2008 10:30:05 AM

05-13-2008

Registered User

USN-612-1: OpenSSL vulnerability

Referenced CVEs:
CVE-2008-0166

<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

LEARN ABOUT OPENSOLARIS

ssl_set_fd

SSL_set_fd(3openssl)						      OpenSSL						      SSL_set_fd(3openssl)

NAME

       SSL_set_fd - connect the SSL object with a file descriptor

SYNOPSIS

	#include <openssl/ssl.h>

	int SSL_set_fd(SSL *ssl, int fd);
	int SSL_set_rfd(SSL *ssl, int fd);
	int SSL_set_wfd(SSL *ssl, int fd);

DESCRIPTION

       SSL_set_fd() sets the file descriptor fd as the input/output facility for the TLS/SSL (encrypted) side of ssl. fd will typically be the
       socket file descriptor of a network connection.

       When performing the operation, a socket BIO is automatically created to interface between the ssl and fd. The BIO and hence the SSL engine
       inherit the behaviour of fd. If fd is non-blocking, the ssl will also have non-blocking behaviour.

       If there was already a BIO connected to ssl, BIO_free() will be called (for both the reading and writing side, if different).

       SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only for the read channel or the write channel, which can be set inde-
       pendently.

RETURN VALUES

       The following return values can occur:

       0   The operation failed. Check the error stack to find out why.

       1   The operation succeeded.

SEE ALSO

       SSL_get_fd(3), SSL_set_bio(3), SSL_connect(3), SSL_accept(3), SSL_shutdown(3), ssl(3) , bio(3)

OpenSSL-0.9.8							    Oct 11 2005 					      SSL_set_fd(3openssl)