CVE-2011-0766 - Cryptographic Issues vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-9657.NASL |
description | - Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55742 |
published | 2011-08-01 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/55742 |
title | Fedora 14 : erlang-R14B-03.1.fc14 (2011-9657) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_E483392786E511E0A6B4000A5E1E33C6.NASL |
description | US-CERT reports : The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG (Wichman-Hill) is not mixed with an entropy source. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 54826 |
published | 2011-05-26 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/54826 |
title | FreeBSD : Erlang -- ssh library uses a weak random number generator (e4833927-86e5-11e0-a6b4-000a5e1e33c6) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-9598.NASL |
description | - Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55741 |
published | 2011-08-01 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/55741 |
title | Fedora 15 : erlang-R14B-03.2.fc15 (2011-9598) |
Seebug
bulletinFamily | exploit |
description | Bugtraq ID: 47980 CVE ID: CVE-2011-0766 Erlang is a general-purpose, concurrency-oriented programming language; OTP is a set of libraries packaged with Erlang. The Erlang/OTP ssh library relies on cryptographically strong random numbers for several cryptographic operations, but the RNG used by the library is not cryptographically strong, and its strength is further weakened by the use of predictable seed material. The RNG (Wichman-Hill) is not mixed with an entropy source. The library seeds every ssh connection with the current time (at roughly microsecond resolution); by observing the time at which a connection is established from this library, the first two of the three RNG seed components can be guessed, and the third can be recovered by brute force over every possible value (1..1000000). The 16-byte random session cookie that the library sends in the cleartext kexinit message makes guessing the exact seed even easier; this cookie is bytes 17-32 of the RNG sequence. If the session RNG seed can be recovered, an attacker can simply perform the same DH key exchange operation as the SSH library and recover the session key. In addition, if the SSH library is used for the server side of a connection and uses a DSA host key, the private key can be recovered from the kex_dh message. The private signature value k can be obtained from the RNG seed (bytes 170-190 of the sequence), so using the DSA public key data announced in the kex_dh_reply message, the private key component can be recovered by reversing the signature operation. Affected: erlang.org Erlang/OTP R14B02; erlang.org Erlang/OTP R14B01; erlang.org Erlang/OTP R14B; erlang.org Erlang/OTP R14A. Vendor solution: Erlang/OTP R14B03 has fixed this vulnerability; users are advised to download and use it: http://www.erlang.org/download.html Users can also refer to the following security patch provided by the vendor: https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5 |
id | SSV:20589 |
last seen | 2017-11-19 |
modified | 2011-05-26 |
published | 2011-05-26 |
reporter | Root |
title | Erlang/OTP SSH library random number generation vulnerability |
References
- http://secunia.com/advisories/44709
- http://www.kb.cert.org/vuls/id/178990
- http://www.securityfocus.com/bid/47980
- https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5