MNBSD-2008-5: Debian OpenSSL weak PRNG produces predictable SSH keys

Severity: Unknown

Affected Package: openssl

Summary: Debian OpenSSL weak PRNG produces predictable SSH keys

Description

A Debian patch to OpenSSL introduced a defect in the random number generator, causing the generation of predictable (weak) SSH keys. A utility (obtained from Ubuntu) was added to MidnightBSD to detect and deny these weak keys. The fix was applied to RELENG_0_2 and CURRENT.

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2008-0166

Published: May 16, 2008
Last Modified: May 16, 2008