Scanner for Debian OpenSSL Vulnerability (://URLFAN)
Discover what sites bloggers are referencing in real time.
Reading 1,398,757 feeds, parsing 95,631,598 posts, ranking 1,515,000 domains.

    HOME  CONTACT  ABOUT US  TOP 100 SITES  BUZZ POSTS
Search 95,631,598 blog posts
LOOKUP A DOMAIN

Feed
blog.securitymonks.com

Post Category

Post Date
May 22, 2008 4:31 p.m.

Article Structure
17 paragraphs
6068 characters
1 images
14 outgoing links

Sites mentioned
(click for rank details):

nvd.nist.gov
valgrind.org
statmath.wu-wien.ac.at
itsecurity.net
debian.org
metasploit.com
python.org
gnu.org
pypi.python.org
peak.telecommunity.com
lag.net
http

Next Article
Developmental instability in a stem-mining sawfly: can fluctuating asymmetry detect plant host stress in a model system?

Previous Article
How To Watch Live Football On Your PC

Scanner for Debian OpenSSL Vulnerability

Source: http://blog.securitymonks.com/2008/05/22/scanner-f...

Displaying mentions in this article, for full text please visit source.

VulnerabilityBy now, you likely have heard about the Debian OpenSSL Vulnerability, found by Luciano Bello. It was originally announced on May 13th. What occurred is that code was removed because it caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in code that was linked to OpenSSL. This change caused only the current process ID to be used for the initial seed, crippling the seeding process for the OpenSSL PRNG. To quote the National Vulnerability Database (NVD):
OpenSSL 0.9.8c-1 up to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Hubert Seiwert, Internet Security Specialist at Westpoint Ltd., released debian_ssh_scan.py on May 16th. The code does remote check for weak Debian sshd host keys as identified in CVE-2008-0166. The fingerprints are taken from keys generated by HD Moore’s common and uncommon keys. Mr. Seiwert also used Justin Azoff’s multi-threading code. While it is not the only scanner, Mr. Seiwert did a very nice job.

For those who might be less familiar with Python, I thought I would walk through getting debian_ssh_scan.py installed. Most distributions of Linux and Unix have Python installed and with a few additional steps you will be ready to scan your hosts for vulnerabilities.

Set HTTP_PROXY

If you need to access the Internet through a proxy server, the HTTP_PROXY environment variables should be set. This will allow wget, Python’s urllib module, and other applications (yum, apt-get etc) to use this environment variable to access http/https through the proxy server.

# export HTTP_PROXY="http://:"

Replace “” with your proxy server name/ip and “” with the proxy’s port.

Install setuptools

The setuptools module is a way to allow developers an easy way to build and distribute Python packages in a single-file archive called an “egg.” The steps to get setuptools installed are:

Download the appropriate egg for your version of Python (e.g. setuptools-0.6c8-py2.3.egg). Do NOT rename it. Run it. Setuptools will install itself using the matching version of Python (e.g. python2.3), and will place the easy_install executable in the default location for installing Python scripts (as determined by the standard distutils configuration files, or by the Python installation).

To install:

# cd /home/ger/software # wget http://pypi.python.org/packages/2.3/s/setuptools/setuptools-0.6c8-py2.3.egg # sh setuptools-0.6c8-py2.3.egg
Install paramiko

The python module paramiko implements SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Below, the easy_install executable is used. The Python module easy_install is bundled with setuptools and allows for automatically download, build, install, and management of Python packages.

# cd /home/ger/software # wget http://www.lag.net/paramiko/download/paramiko-1.7.3.tar.gz # tar xzf paramiko-1.7.3.tar.gz # cd paramiko-1.7.3 # easy_install ./
Pull Down debian_ssh_scan_v4

The python script debian_ssh_scan_v4 can now be installed.

# cd /home/ger/software # wget http://itsecurity.net/debian_ssh_scan_v4.tar.bz2 # bzip2 -cd debian_ssh_scan_v4.tar.bz2 | tar xvf - # cd debian_ssh_scan_v4
Start Scanning

You are now ready to start scanning. The below IP is used only for demonstration purposes. Use your own site’s IPs.

# ./debian_ssh_scan_v4.py 127.0.0.1:22 201691 fingerprints loaded. 127.0.0.1:22 sshd fingerprint 97382c98fe3d45fa779abd34bb65fb73 VULNERABLE (RSA 2048 bit key, pid 5214)

Modify targets.txt, if you want to create a file of IPs. Run the file of IPs through the scan program using the command:

# cat targets.txt | ./debian_ssh_scan_v4.py
Final Words

Debian has issued an update for OpenSSL. For affected systems, the software packages need to be updated and all cryptographic key material must be recreated. Please see Security Focus references for more details.

Feeds and posts are not affliated with ://URLFAN. They are displayed here simply for informational purposes, if you would like to remove your feed, posts, or domain from ranking and analysis, please contact us.

://URLFAN (.15)
Contact Us - About ://URLFAN - Notify me when my site is added or updated.