Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-612-1: OpenSSL vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-612-1: OpenSSL vulnerability
# 1  
Old 05-13-2008
USN-612-1: OpenSSL vulnerability
Referenced CVEs:
CVE-2008-0166


<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT OPENDARWIN

ssl_set_verify_result

SSL_set_verify_result(3)					      OpenSSL						  SSL_set_verify_result(3)

NAME

       SSL_set_verify_result - override result of peer certificate verification

SYNOPSIS

	#include <openssl/ssl.h>

	void SSL_set_verify_result(SSL *ssl, long verify_result);

DESCRIPTION

       SSL_set_verify_result() sets verify_result of the object ssl to be the result of the verification of the X509 certificate presented by the
       peer, if any.

NOTES

       SSL_set_verify_result() overrides the verification result. It only changes the verification result of the ssl object. It does not become
       part of the established session, so if the session is to be reused later, the original value will reappear.

       The valid codes for verify_result are documented in verify(1).

RETURN VALUES

       SSL_set_verify_result() does not provide a return value.

SEE ALSO

       ssl(3), SSL_get_verify_result(3), SSL_get_peer_certificate(3), verify(1)

0.9.7d								    2002-04-30						  SSL_set_verify_result(3)