-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

     ESB-2000.134 -- FreeBSD Security Advisory: FreeBSD-SA-00:25.alpha-dev-random
     FreeBSD/Alpha platform lacks kernel pseudo-random number generator,
                    some applications fail to detect this.
                                13 June 2000

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:                FreeBSD kernel
Vendor:                 FreeBSD
Operating System:       FreeBSD
Platform:               Alpha
Impact:                 Provide Misleading Information
Access Required:        Local, Remote

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:25                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          FreeBSD/Alpha platform lacks kernel pseudo-random number
                generator, some applications fail to detect this.

Category:       core
Module:         kernel
Announced:      2000-06-12
Affects:        FreeBSD/Alpha prior to the correction date.
Corrected:      2000-05-10 (4.0-STABLE)
                2000-04-28 (5.0-CURRENT)
FreeBSD only:   Yes

I.   Background

The FreeBSD kernel provides a cryptographic-strength pseudo-random number
generator via the /dev/random and /dev/urandom interfaces, which samples
hardware measurements to provide a high-quality source of "entropy"
(randomness).

II.  Problem Description

The FreeBSD port to the Alpha platform did not provide the /dev/random or
/dev/urandom devices - this was an oversight during the development process
which was not corrected before the Alpha port "became mainstream".
FreeBSD/i386 is not affected.

As a consequence, there is no way for Alpha systems prior to the correction
date to obtain cryptographic-strength random numbers, unless an application
"rolls its own" entropy gathering mechanism.
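The check that a well-behaved application performs before generating keys,
shown here as an added example that is not code from the advisory, from
FreeBSD or from OpenSSL: open the kernel random device, insist on a full
read, reject an empty or constant stream, and refuse to proceed otherwise.
The function names (entropy_source_ok, read_entropy, looks_nonconstant) and
the 32-byte sample size are this example's own choices.

```c
/* Added example (not from the advisory, FreeBSD or OpenSSL): fail closed
 * when the kernel random device is missing or unusable, instead of
 * silently continuing as the advisory says OpenSSL 0.9.4 did on Alpha. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define SAMPLE_BYTES 32   /* example's own choice: one 256-bit sample */

/* Read up to `want` bytes from `path`. Returns the number of bytes actually
 * obtained, or -1 if the device cannot be opened or read. A short count
 * (for instance 0 from /dev/null) means the path is not a usable random
 * device even though it exists. */
static ssize_t read_entropy(const char *path, unsigned char *buf, size_t want)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;                      /* device absent: the Alpha case */
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            return -1;
        }
        if (n == 0)
            break;                      /* EOF: nothing random behind it */
        got += (size_t)n;
    }
    close(fd);
    return (ssize_t)got;
}

/* Cheap sanity check: a real entropy source will not return a buffer in
 * which every byte is identical. This catches a stubbed or broken device;
 * it is not a statistical test of randomness. */
static int looks_nonconstant(const unsigned char *buf, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0])
            return 1;
    return 0;
}

/* Returns 1 if `path` is a usable random device, 0 otherwise. */
int entropy_source_ok(const char *path)
{
    unsigned char sample[SAMPLE_BYTES];
    ssize_t n = read_entropy(path, sample, sizeof sample);
    if (n != (ssize_t)sizeof sample)
        return 0;
    return looks_nonconstant(sample, sizeof sample);
}

int main(void)
{
    const char *dev = "/dev/random";
    if (!entropy_source_ok(dev)) {
        fprintf(stderr, "fatal: %s is missing or unusable; "
                        "refusing to generate keys\n", dev);
        return EXIT_FAILURE;            /* fail closed */
    }
    printf("%s looks usable; safe to proceed with key generation\n", dev);
    return EXIT_SUCCESS;
}
```

On an unpatched FreeBSD/Alpha system of the period the open() fails and the
program exits non-zero; an application that skipped this step would instead
go on to derive keys from whatever weak fallback it had. The constant-byte
test is deliberately minimal: its job is to catch a device that exists but
returns nothing useful, not to certify the quality of the generator.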
This in itself is not a vulnerability, although it is an omission and a
departure from the expected behaviour of a FreeBSD system. The actual
vulnerability is that some applications fail to correctly check for a
working /dev/random and do not exit with an error if it is not available,
so this weakness goes undetected. OpenSSL 0.9.4, and utilities based on it,
including OpenSSH (both of which are included in the base FreeBSD 4.0
system) are affected in this manner (this bug was corrected in OpenSSL
0.9.5).

Therefore, cryptographic security systems on vulnerable FreeBSD/Alpha
systems (including OpenSSH in the base FreeBSD 4.0 system) may have
weakened strength, and cryptographic keys generated on such systems should
not be trusted.

III. Impact

Cryptographic secrets (such as OpenSSH public/private keys) generated on
FreeBSD/Alpha systems may be much weaker than their "advertised" strength,
and may lead to data compromise to a dedicated and knowledgeable attacker.

PGP/GnuPG keys, and keys generated by the SSH or SSH2 ports, are not
believed to be weakened since that software will correctly detect the lack
of a working /dev/random and use alternative sources of entropy.

OpenSSH and OpenSSL are currently the only known vulnerable applications.

IV.  Workaround

None available.

V.   Solution

One of the following three options, followed by step 2).

1a) Upgrade your FreeBSD/Alpha system to FreeBSD 4.0-STABLE after the
correction date.

1b) Install the patched 4.0-RELEASE GENERIC kernel available from:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz

e.g.
perform the following steps as root:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz.asc

[ Verify the detached PGP signature using your PGP utility - consult your
utility's documentation for how to do this ]

# gunzip kernel.gz
# cp /kernel /kernel.old
# chflags noschg /kernel
# cp kernel /kernel
# chflags schg /kernel

1c) Download the kernel source patch and rebuild your FreeBSD/Alpha kernel,
as follows:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff

Download the detached PGP signature:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff.asc

and verify the signature using your PGP utility.

Apply the patch:

# cd /usr/src
# patch -p < /path/to/kernel.sys.diff

Rebuild your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html and reboot with the new
kernel.

NOTE: Because of the significant improvements to the FreeBSD/Alpha platform
in FreeBSD 4.0, it is not planned at this time to backport the necessary
changes to FreeBSD 3.4-STABLE.

2) Immediately regenerate all OpenSSH-generated SSH keys and
OpenSSL-generated SSL certificates, and any other data relying on
cryptographic random numbers which were generated on FreeBSD/Alpha systems,
whose strength cannot be verified.

[Note: for most systems, the only significant vulnerability is likely to be
from OpenSSH and OpenSSL-generated keys and certificates (e.g. for SSL
webservers)]

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOUVa6lUuHi5z0oilAQG/VQP/bXSr0YdjwTVuHrc1JOTzKMqSJYyff50d
6Jg7VNL+X2B7hQcWUC8Rn/m+qy6byc9g51v8Wyk70olUs1Fy4bTGh+iEpE0mbQ45
tx75z/Uhq46fYP3ldBx9XvXJQxRHXrPos7gfTOVVdJcchIIgJdtxC7LfvOswbnvY
EK+rxB2I9f8=
=ee12
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBOXXTQCh9+71yA2DNAQHCpwP/fT0PVPKQhzk+MGQ9oe96OEAhlu1EjQZs
F5whgBfug2iJx7q631RxkjLjYBSrE+aqv/rCFP2KipsKzZuDvkUfFqNFuGNQGm3v
yxbiHRK+zQAO6UkXvnaEOoMUWdznvJztAdX6YUbI0WieeOHXEKsYYchDXRfVfjz2
ecY2IrYE53U=
=a3Eb
-----END PGP SIGNATURE-----