The SANS Internet Storm Center has raised its Infocon status to yellow.  The yellow status indicates that the ISC is “currently tracking a significant new threat. The impact is either unknown or expected to be minor to the infrastructure. However, local impact could be significant. Users are advised to take immediate specific action to contain the impact. Example: ‘MSBlaster’ worm outbreak.”

The alert was raised because of a bug in the way Debian Linux, and other Linux distributions based on Debian such as Ubuntu, generated private keys for SSH and for SSL certificates. The bug enables attackers to guess the private key, and automated scripts have been released to facilitate the cracking of vulnerable keys. Keys generated between September 2006 and May 2008 should be considered vulnerable and replaced.

It is still unclear whether the recent reports of an upsurge in brute-force attacks against SSH are related.

So if you have a Debian-based system using SSH private keys that were generated between September 2006 and May 13th 2008, you need to regenerate your keys ASAP. Likewise, if you have any SSL certificates produced in the same period, you need to go through the process again.
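
To find the files that need this treatment, the script below (an added example, not part of the original advisory) walks a directory and lists private keys and certificates whose modification time falls inside the window given above. It assumes file mtime approximates the generation date, which copying or restoring a file can change, so a clean result is not proof of safety; `find_suspect_keys` and the default path are illustrative choices.

```python
import os
import sys
from datetime import datetime, timezone

# Window from the advisory; "September 2006" is taken here to mean 1 September (assumption).
WINDOW_START = datetime(2006, 9, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2008, 5, 13, 23, 59, 59, tzinfo=timezone.utc)

# Header fragments that identify PEM/OpenSSH private keys and PEM certificates.
MARKERS = (
    (b"PRIVATE KEY-----", "private key"),
    (b"-----BEGIN CERTIFICATE-----", "certificate"),
)


def classify(path):
    """Return the kind of key material found in the file header, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return None  # unreadable file: skip rather than abort the scan
    for marker, kind in MARKERS:
        if marker in head:
            return kind
    return None


def find_suspect_keys(root):
    """List (path, kind, mtime) for key files last modified inside the window."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # report the real file once, not every link to it
            kind = classify(path)
            if kind is None:
                continue
            mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
            if WINDOW_START <= mtime <= WINDOW_END:
                hits.append((path, kind, mtime))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh"
    for path, kind, mtime in find_suspect_keys(root):
        print(f"{mtime:%Y-%m-%d}  {kind:12}  {path}")
```

Only keys that were generated on an affected Debian-based system are weak, so treat the output as a list to review and regenerate, not as a verdict on each file.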

About the Author: bhimport
