[maemo-developers] Does Debian OpenSSL problem affect Maemo ?
From: Anderson Lizardo anderson.lizardo at gmail.com
Date: Sat May 17 03:11:44 EEST 2008
On Fri, May 16, 2008 at 1:47 PM, MoRpHeUz <morpheuz at gmail.com> wrote:
> Hi,
>
> On Fri, May 16, 2008 at 2:17 PM, Andrew Daviel <advax at triumf.ca> wrote:
>> I wondered if Maemo had inherited this problem.
>
> The advisories says that the versions of openssl affected are
> 0.9.8c-1 up to 0.9.8g-9. On my tablets, the version installed is 0.9.7

AFAIK the actual issue is that keys *generated* on an affected system
are vulnerable. Therefore, if you happened to generate a private/public
key pair on a host system with the affected openssl library and added
the public key to the device's /root/.ssh/authorized_keys, then the
device is susceptible to remote brute force attack [1].

Of course this requires the following:

- the device be in RD mode (not sure)
- openssh server package installed and enabled
- you manually copied a vulnerable public SSH key to the device's
  /root/.ssh/authorized_keys

[1] http://seclists.org/fulldisclosure/2008/May/0410.html

Regards,
--
Anderson Lizardo
Instituto Nokia de Tecnologia (INdT)
Manaus - Brazil
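The check implied by the message above, as an added example that is not part of the original post: audit an authorized_keys file for public keys whose fingerprint appears on a list of known-weak keys. The `weak` set is assumed to be an operator-supplied set of hex MD5 fingerprints, and the sample file and key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")

def fingerprint(key_type, b64):
    """Hex MD5 of the decoded key blob; None if it is malformed or mistyped."""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    name = key_type.encode()
    if not blob.startswith(struct.pack(">I", len(name)) + name):
        return None  # blob does not carry the key type the line declares
    return hashlib.md5(blob).hexdigest()

def audit(text, weak):
    """Return (lineno, fingerprint, comment) for every key found in `weak`."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(line)  # keeps quoted option values together
        except ValueError:  # unbalanced quote, e.g. an apostrophe in a comment
            fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field in KEY_TYPES:  # options, if any, come before this field
                fp = fingerprint(field, fields[i + 1])
                if fp in weak:
                    hits.append((lineno, fp, " ".join(fields[i + 2:])))
                break
    return hits

# Constructed sample: the blobs are placeholders, not real keys.
RSA = "AAAAB3NzaC1yc2EA"  # base64 of the length-prefixed "ssh-rsa" header
WEAK_B64 = RSA + "d2Vha2tleTAx"
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    "ssh-rsa " + RSA + "Z29vZGtleTAx admin@laptop",
    'command="echo hi there",no-pty ssh-rsa ' + WEAK_B64 + " build host",
    "ssh-dss " + WEAK_B64 + " wrong type",
])
WEAK = {fingerprint("ssh-rsa", WEAK_B64)}  # stands in for a published list

if __name__ == "__main__":
    for hit in audit(SAMPLE, WEAK):
        print("line %d: weak key %s (%s)" % hit)
```

Any key this flags should be removed from authorized_keys and replaced with a pair generated on an unaffected system.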