USN-612-1: OpenSSL vulnerability

05-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-612-1: OpenSSL vulnerability

Referenced CVEs:
CVE-2008-0166

<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

USN-TOMBSTONE-CLEANUP.PL(8) System Manager's Manual USN-TOMBSTONE-CLEANUP.PL(8) NAME
usn-tombstone-cleanup.pl - Directory Server perl script for cleaning up tombstone entries. SYNOPSIS
usn-tombstone-cleanup.pl [-Z serverID] [-D rootdn] { -w password | -w - | -j filename } -s suffix -n backend [-m maxusn_to_delete] [-P pro- tocol] [-v] [-h] DESCRIPTION
Deletes the tombstone entries maintained by the instance if the USN Plug-in is enabled. OPTIONS
A summary of options is included below: -Z Server Identifier The server ID of the Directory Server instance. If there is only one instance on the system, this option can be skipped. -D Root DN The Directory Manager DN, or root DN. If not specified, the script will search the server instance configuration for the value. -w password The rootdn password. -w - Prompt for the rootdn password. -j password filename The name of the file that contains the root DN password. -s suffix Gives the name of the suffix containing the entries to clean/delete. -n backend Gives the name of the database containing the entries to clean/delete. Example, userRoot. -m maxusn_to_delete Sets the upper bound for entries to delete. All tombstone entries with an entryUSN value up to the specified maximum (inclusive) are deleted, but not past that USN value. If no maximum USN value is set, then all backend tombstone entries are deleted. -P protocol The connection protocol to connect to the Directory Server. Protocols are STARTTLS, LDAPS, LDAPI, and LDAP. If this option is skipped, the most secure protocol that is available is used. For LDAPI, AUTOBIND is also available for the root user. -v Display verbose ouput -h Display usage EXAMPLE
usn-tombstone-cleanup.pl -Z instance2 -D 'cn=directory manager' -w password -n userRoot -s 'ou=people,dc=example,dc=com' -P STARTTLS Note: security must be enabled to use protocol STARTTLS. If STARTTLS is not available it will default to next strongest/available protocol automatically. DIAGNOSTICS
Exit status is zero if no errors occur. Errors result in a non-zero exit status and a diagnostic message being written to standard error. AUTHOR
usn-tombstone-cleanup.pl was written by the 389 Project. REPORTING BUGS
Report bugs to http://bugzilla.redhat.com. COPYRIGHT
Copyright (C) 2013 Red Hat, Inc. Mar 5, 2013 USN-TOMBSTONE-CLEANUP.PL(8)

Security Advisories (RSS)

USN-612-1: OpenSSL vulnerability

LEARN ABOUT CENTOS

usn-tombstone-cleanup.pl