Draft:Debian OpenSSL vulnerability

Review waiting, please be patient.

This may take 7 weeks or more, since drafts are reviewed in no specific order. There are 1,196 pending submissions waiting for review.

If the submission is accepted, then this page will be moved into the article space.
If the submission is declined, then the reason will be posted here.
In the meantime, you can continue to improve this submission by editing normally.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Reviewer tools

Instructions · What links here · Debian OpenSSL vulnerability (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 7 days ago by WinNT4SP6 (talk: D · +) · Last edited 103 seconds ago by WinNT4SP6

Debian OpenSSL vulnerability (Common Vulnerabilities and Exposures number CVE-2008-0166^[1]) was a security vulnerability present exclusively in the Debian operating system and its derivatives from 2006 until it was discovered in 2008.^[2]^[3] The vulnerability affected the random number generator provided by OpenSSL (distributed as libssl), which was used by multiple software packages for the generation of cryptographic keys and certificates. The vulnerability made it possible to only generate a small number of predictable keypairs.^[4]

Background

The vulnerability was introduced to the Debian bug team in April 2006. It was accepted a month later, while the first affected version of the libssl package (0.9.8c-1) came out on 17 September 2006.^[2]^[3] At the time, it was viewed as a fix for warnings from the Valgrind memory debugger about the use of uninitialized memory by OpenSSL, which, unbeknownst to the bug team, served as a source entropy for its random number generator (RNG). As a result, the RNG lost practically all sources of randomness, with the exception of the PID of the process that requested its output.^[4]^[5]

As the maximum number of PIDs was restricted to 32,768, only 32,767^[a] (2¹⁵ − 1) unique keys of every type and size could be generated on the affected systems.^[4]^[5]^[6]

Discovery and Impact

The vulnerability was discovered by Debian developer Luciano Bello and disclosed on 13 May 2008, security patches correcting the vulnerability were released on the same day. The patches only fixed the RNG, they would not fix already existing weak keys, all of which had to be regenerated.^[3]^[7]

Even though other operating systems were not directly affected, importing vulnerable keys could also put them at risk.^[8]

Affected software

Operating systems
Debian-based Linux distributions using libssl versions 0.9.8c-1 through 0.9.8g-9^[9], confirmed examples are:

Debian version 4.0 (Etch)^[9]
Ubuntu versions 7.04, 7.10 and 8.04^[8]

Notable packages

Legacy

A day before the 20th anniversary of the bug's introduction, security researcher Hanno Böck disclosed that multiple websites were actively using keys affected by this vulnerability to produce DKIM signatures for their emails.^[13]

Notes

^ In Unix-based operating systems, PID 0 is reserved for the init and cannot be used by ordinary proccesses.

References

^ "CVE-2008-0166 Detail". National Vulnerability Database. NIST. Retrieved 6 October 2024.
^ ^a ^b "#363516 valgrind-clean the RNG". Debian bug report logs. 19 April 2006. Retrieved 6 October 2024.
^ ^a ^b ^c "[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator". Debian security mailing list. 13 May 2008. Retrieved 6 October 2024.
^ ^a ^b ^c Garfinkel, Simson (20 May 2008). "Alarming Open-Source Security Holes". MIT Technology Review. Retrieved 6 October 2024.
^ ^a ^b Cox, Russ (21 May 2008). "Lessons from the Debian/OpenSSL Fiasco". research!rsc. Retrieved 6 October 2024.
^ Moore, H. D. "Debian OpenSSL Predictable PRNG Toys". Metasploit.com. Archived from the original on 8 June 2009. Retrieved 9 October 2024.
^ "Key Rollover". Debian Security. Archived from the original on 22 November 2008. Retrieved 6 October 2024.
^ ^a ^b ^c "USN-612-1: OpenSSL vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.
^ ^a ^b "CVE-2008-0166". Debian security tracker. Retrieved 6 October 2024.
^ "USN-612-2: OpenSSH vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.
^ "USN-612-3: OpenVPN vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.
^ "Tor security advisory: Debian flaw causes weak identity keys". 13 May 2008. Retrieved 6 October 2024.
^ Böck, Hanno (12 May 2024). "16 years of CVE-2008-0166 Debian OpenSSL Bug - Breaking DKIM and BIMI in 2024". Retrieved 6 October 2024.

Category:Computer security exploits Category:2008 in computing

[6] In Unix-based operating systems, PID 0 is reserved for the init and cannot be used by ordinary proccesses.

[NIST-1] "CVE-2008-0166 Detail". National Vulnerability Database. NIST. Retrieved 6 October 2024.

[DebianValgrind-2] "#363516 valgrind-clean the RNG". Debian bug report logs. 19 April 2006. Retrieved 6 October 2024.

[DebianSecurity-3] "[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator". Debian security mailing list. 13 May 2008. Retrieved 6 October 2024.

[MITTechnology-4] Garfinkel, Simson (20 May 2008). "Alarming Open-Source Security Holes". MIT Technology Review. Retrieved 6 October 2024.

[research!rsc-5] Cox, Russ (21 May 2008). "Lessons from the Debian/OpenSSL Fiasco". research!rsc. Retrieved 6 October 2024.

[7] Moore, H. D. "Debian OpenSSL Predictable PRNG Toys". Metasploit.com. Archived from the original on 8 June 2009. Retrieved 9 October 2024.

[8] "Key Rollover". Debian Security. Archived from the original on 22 November 2008. Retrieved 6 October 2024.

[UbuntuSecurity-9] "USN-612-1: OpenSSL vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.

[DebianTracker-10] "CVE-2008-0166". Debian security tracker. Retrieved 6 October 2024.

[UbuntuSSH-11] "USN-612-2: OpenSSH vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.

[UbuntuOpenVPN-12] "USN-612-3: OpenVPN vulnerability". Ubuntu Security. 13 May 2008. Retrieved 6 October 2024.

[TorSecurity-13] "Tor security advisory: Debian flaw causes weak identity keys". 13 May 2008. Retrieved 6 October 2024.

[14] Böck, Hanno (12 May 2024). "16 years of CVE-2008-0166 Debian OpenSSL Bug - Breaking DKIM and BIMI in 2024". Retrieved 6 October 2024.

[1]

[2]

[3]

[4]

[5]

[a]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]