Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-612-1: OpenSSL vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-612-1: OpenSSL vulnerability
# 1  
Old 05-13-2008
USN-612-1: OpenSSL vulnerability
Referenced CVEs:
CVE-2008-0166


<div class="field field-type-text field-field-description">Description:
<div class="field-items"><div class="field-item"><div class="usn">=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008openssl vulnerabilityCVE-2008-0166===========================================================A weakness has been discovered in the random number generator usedby OpenSSL on Debian and Ubuntu systems. As a result of thisweakness, certain encryption keys are much more common than theyshould be, such that an attacker could guess the key through abrute-force attack given minimal knowledge of the system. Thisparticularly affects the use of encryption keys in OpenSSH, OpenVPNand SSL certificates.This vulnerability only affects operating systems which (likeUbuntu) are based on Debian. However, other systems can beindirectly affected if weak keys are imported into them.We consider this an extremely serious vulnerability, and urge allusers to act immediately to secure their systems. (CVE-2008-0166)This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.== Who is affected ==Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT OPENDARWIN

ssl_get_ciphers

SSL_get_ciphers(3)						      OpenSSL							SSL_get_ciphers(3)

NAME

       SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs

SYNOPSIS

	#include <openssl/ssl.h>

	STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
	const char *SSL_get_cipher_list(SSL *ssl, int priority);

DESCRIPTION

       SSL_get_ciphers() returns the stack of available SSL_CIPHERs for ssl, sorted by preference. If ssl is NULL or no ciphers are available,
       NULL is returned.

       SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for ssl with priority. If ssl is NULL, no ciphers are avail-
       able, or there are less ciphers than priority available, NULL is returned.

NOTES

       The details of the ciphers obtained by SSL_get_ciphers() can be obtained using the SSL_CIPHER_get_name(3) family of functions.

       Call SSL_get_cipher_list() with priority starting from 0 to obtain the sorted list of available ciphers, until NULL is returned.

RETURN VALUES

       See DESCRIPTION

SEE ALSO

       ssl(3), SSL_CTX_set_cipher_list(3), SSL_CIPHER_get_name(3)

0.9.7d								    2002-04-30							SSL_get_ciphers(3)