Debian OpenSSL Package Random Number Generator Weakness

Attackers can use brute-force techniques to exploit this issue.

An automated tool to brute-force keys is available at the following location:
http://sugar.metasploit.com/debian_ssh_rsa_2048_x86.tar.bz2

Please note that Symantec has not tested nor verified this application.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following Ruby and Python scrips are also available:


 

Privacy Statement
Copyright 2010, SecurityFocus