SECURITY - Vulnerability discovered in vendor-provided SSH packages

2008-05-14  by: Silvia Regis

ROME, Italy, May 14th, 2008 - A vulnerability affecting the generation
of the encryption keys has been discovered on Debian-based operating
systems shipping OpenSSL version 0.9.8c-1 up to 0.9.8g-9.

More information is available at:

http://www.debian.org/security/2008/dsa-1571
http://www.ubuntu.com/usn/usn-612-2

The NX packages are not directly affected by this security issue, since
NX ships libraries and executables built from the upstream sources
distributed by the OpenSSH and OpenSSL projects. Nonetheless, NX Server
relies on the ssh-keygen tool from the host system to generate the public
key used to gain access to the node as the NX user. If the ssh-keygen tool
is affected by the vulnerability, the key generated by NX will be affected
as well.

If you run a Debian-based Linux distribution or you suspect that the
OpenSSL or OpenSSH packages installed on your system may be affected by
the vulnerability, please follow the instructions below:

- Install the security updates provided by your operating system
  vendor or follow the procedure reported at:

  http://www.ubuntu.com/usn/usn-612-2


- Verify if compromised keys are still present in the users'
  authorized_keys file by using the ssh-vulnkey tool:

  # ssh-vulnkey -a

  To find out which authorized_keys files contain compromised keys,
  you can, for example, run:

  # for home in `awk -F ':' '{print $6}' /etc/passwd`; do \
    for auth_file in "$home/.ssh/authorized_keys2" "$home/.ssh/authorized_keys"; do \
    if [ -f "$auth_file" ] && ssh-vulnkey -q "$auth_file"; \
    then echo "$auth_file COMPROMISED"; fi; done; done

  If compromised keys are present, we suggest manually removing the
  affected keys from the user's authorized_keys file.


- Verify if the NX Server public key, generated during the installation
  of the server, is compromised:

  # ssh-vulnkey /usr/NX/etc/keys/node.localhost.id_dsa.pub

  If the key is compromised, re-generate it and choose to
  overwrite the old file by running:

  # ssh-keygen -q -t dsa -N '' -f '/usr/NX/etc/keys/node.localhost.id_dsa'


- Remove the known_hosts file for the nx user:

  # rm -f /usr/NX/home/nx/.ssh/known_hosts

- Verify that no compromised keys are left:

  # ssh-vulnkey -a
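
The per-file loop above only reports that a file contains some compromised key. As an added example (not part of the original advisory or of the NX tools), the shell function below checks each key line on its own, so that the affected key can be identified before it is removed by hand. The function name, the VULNKEY variable and the .clean/.compromised output files are assumptions of this example; it relies on the same convention as the loop above, where exit status 0 from ssh-vulnkey -q means compromised.

```shell
#!/bin/sh
# Added example: per-key check of one authorized_keys file.
# VULNKEY is the checker command (assumption: overridable for testing);
# it defaults to ssh-vulnkey, the tool used in the advisory.
VULNKEY="${VULNKEY:-ssh-vulnkey}"

# filter_authorized_keys FILE
#   Prints "FILE:LINE COMPROMISED" for every flagged key line.
#   Writes FILE.clean (comments, blanks and keys not flagged) and
#   FILE.compromised (flagged keys). FILE itself is left untouched,
#   so the result can be reviewed before anything is replaced.
#   Returns 0 if no key was flagged, 1 if at least one was, 2 on setup error.
filter_authorized_keys() {
    src=$1
    tmp=$(mktemp) || return 2
    : > "$src.clean"
    : > "$src.compromised"
    flagged=0
    lineno=0
    # The "|| [ -n ... ]" part keeps a last line that lacks a newline.
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) printf '%s\n' "$line" >> "$src.clean"; continue ;;
        esac
        # Check one key at a time by handing the checker a one-line file.
        printf '%s\n' "$line" > "$tmp"
        # Exit status 0 means "compromised", as in the advisory's loop;
        # any other status leaves the key in place.
        if "$VULNKEY" -q "$tmp" < /dev/null; then
            echo "$src:$lineno COMPROMISED"
            printf '%s\n' "$line" >> "$src.compromised"
            flagged=1
        else
            printf '%s\n' "$line" >> "$src.clean"
        fi
    done < "$src"
    rm -f "$tmp"
    return $flagged
}
```

After reviewing FILE.clean, the administrator can move it over the original authorized_keys file; the function never does this itself.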


If NX Server is running in a multi-node environment, we advise checking
each NX Node machine to verify whether the compromised keys have been
propagated. If this is the case, please perform the operations listed
above on each of the affected nodes.

The NoMachine Security Team

