Vulnerability details
FreeBSD Alpha port missing /dev/random and /dev/urandom vulnerability
- CNNVD ID: CNNVD-200006-053
- Severity: Medium
- CVE ID: CVE-2000-0535
- Vulnerability type: Configuration error
- Published: 2000-06-12
- Threat type: Remote
- Updated: 2006-09-21
- Vendor: openssl
- Source: First made public …
Vulnerability summary
OpenSSL 0.9.4 and OpenSSH on FreeBSD do not properly check whether the /dev/random or /dev/urandom devices exist, and FreeBSD/Alpha lacks these devices. As a result, cryptographic keys generated on such systems are weak and easily broken.
Advisory
OpenSSL 0.9.5 added checks that the calls which use the devices (open, read, and so on) actually succeed.
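The failure mode the summary describes, and the kind of check 0.9.5 introduced, as an added example in C. This is not code from OpenSSL, OpenSSH, FreeBSD or the advisory; the function and constant names (seed_unchecked, seed_checked, SEED_BYTES and the helpers) are hypothetical, and the device paths used in main() are constructed for the demonstration. The character-device test in seed_checked() goes beyond what the advisory text states and is this example's own hardening choice.

```c
/*
 * Added example, not code from OpenSSL, OpenSSH, FreeBSD or the advisory.
 * seed_unchecked() mirrors the failure mode described above: open()/read()
 * results are ignored, so on a host without the device the "seed" is whatever
 * the buffer already held. seed_checked() is the hardened form.
 * Function and constant names are hypothetical.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define SEED_BYTES 32

/* Vulnerable pattern: reports success regardless of whether the device could be
 * opened or read, so a caller proceeds to generate keys from a known buffer. */
size_t seed_unchecked(const char *dev, unsigned char *seed, size_t len)
{
    int fd = open(dev, O_RDONLY);
    if (fd >= 0) {
        (void)read(fd, seed, len);   /* return value, short reads and errors ignored */
        close(fd);
    }
    return len;                      /* always claims len bytes of "entropy" */
}

/* Hardened pattern: the device must exist, be a character device, and deliver
 * every requested byte; anything else is reported as failure (-1) so the caller
 * refuses to generate keys rather than keying from a predictable buffer. */
int seed_checked(const char *dev, unsigned char *seed, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }
    while (got < len) {
        ssize_t n = read(fd, seed + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {                /* error, or EOF before len bytes: reject */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* 1 if every byte of seed is zero: the degenerate seed a zero-initialised
 * buffer keeps when the unchecked path fails silently. */
int seed_is_all_zero(const unsigned char *seed, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= seed[i];
    return acc == 0;
}

/* Would a caller trusting seed_unchecked() end up keying from an all-zero seed? */
int unchecked_yields_zero_seed(const char *dev)
{
    unsigned char seed[SEED_BYTES] = {0};
    seed_unchecked(dev, seed, sizeof seed);
    return seed_is_all_zero(seed, sizeof seed);
}

/* Does seed_checked() accept dev and hand back a non-degenerate seed? */
int checked_accepts(const char *dev)
{
    unsigned char seed[SEED_BYTES] = {0};
    return seed_checked(dev, seed, sizeof seed) == 0
        && !seed_is_all_zero(seed, sizeof seed);
}

int main(void)
{
    /* Constructed paths: a real device, a missing one (the FreeBSD/Alpha case),
     * and a device that opens fine but yields no bytes. */
    const char *paths[] = { "/dev/urandom", "/dev/no-such-random", "/dev/null" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s unchecked->zero seed: %d  checked accepts: %d\n",
               paths[i], unchecked_yields_zero_seed(paths[i]), checked_accepts(paths[i]));
    return 0;
}
```

On a host with a working /dev/urandom both routines produce a usable seed; on a host where the device is missing, or where it exists but returns no data (/dev/null stands in for that case here), only seed_checked() reports the problem, which is the difference between 0.9.4 silently generating weak keys and 0.9.5 refusing.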
FreeBSD corrected the following distributions for the Alpha platform on the dates listed below:
2000-05-10 (4.0-STABLE)
2000-04-28 (5.0-CURRENT)
If you are using a FreeBSD distribution of these versions obtained earlier than the dates shown, you can take the following steps (copied from the advisory):
1a) Upgrade your FreeBSD/Alpha system to FreeBSD 4.0-STABLE after the
correction date.
1b) install the patched 4.0-RELEASE GENERIC kernel available from:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz
e.g. perform the following steps as root:
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz.asc
[ Verify the detached PGP signature using your PGP utility – consult your
utility’s documentation for how to do this ]
# gunzip kernel.gz
# cp /kernel /kernel.old
# chflags noschg /kernel
# cp kernel /kernel
# chflags schg /kernel
1c) Download the kernel source patch and rebuild your FreeBSD/Alpha
kernel, as follows:
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff
Download the detached PGP signature:
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff.asc
and verify the signature using your PGP utility.
Apply the patch:
# cd /usr/src
# patch -p < /path/to/kernel.sys.diff
Rebuild your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html
and reboot with the new kernel.
NOTE: Because of the significant improvements to the FreeBSD/Alpha
platform in FreeBSD 4.0, it is not planned at this time to backport
the necessary changes to FreeBSD 3.4-STABLE.
2) Immediately regenerate all OpenSSH-generated SSH keys and
OpenSSL-generated SSL certificates, and any other data relying on
cryptographic random numbers which were generated on FreeBSD/Alpha
systems, whose strength cannot be verified. [Note: for most systems,
the only significant vulnerability is likely to be from OpenSSH and
OpenSSL-generated keys and certificates (e.g. for SSL webservers)]
References
- Source: BID; Name: 1340; Link: http://www.securityfocus.com/bid/1340
- Source: FREEBSD; Name: FreeBSD-SA-00:25; Link: http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html