Documentation resources for Mandriva Linux and Free Software

OpenSSL vulnerability

Although Mandriva did not integrate the patch that made Debian-based systems vulnerable to dictionary attacks, Mandriva users should still check that they are not using one of the vulnerable keys. As explained in this blog, Debian has included a tool, ssh-vulnkey, that checks whether a user has a known vulnerable SSH key by looking it up in a blacklist database.
More information on this utility can be found on the Debian page dedicated to this issue.

Mandriva users are encouraged to check their SSL keys, and notably their SSH keys, to make sure they have not ended up with a known vulnerable key. To do this, they can use the dowkd.pl Perl utility. Here are the instructions to install it and run the tests as root:

  • Install the dowkd.pl utility:
    urpmi perl-File-Temp perl-DB_File
    cd /tmp
    wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
    gunzip dowkd.pl.gz
    
  • Test your SSH server host key:
    perl dowkd.pl host localhost
    
  • Test the SSH key for user root:
    perl dowkd.pl user root
    
  • Do the same for any other user connecting with SSH, for example for the user named joe:
    perl dowkd.pl user joe
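
A minimal illustration of a blacklist lookup of the kind described above, as an added example (not code from this page, dowkd.pl or ssh-vulnkey): it fingerprints each key in an authorized_keys file and reports those found in a blacklist. The key blobs, the file contents and the blacklist (assumed here to be a set of full hex MD5 fingerprints) are constructed for the example and do not reproduce Debian's real lists or their file format.

```python
import base64, binascii, hashlib, re, struct

# Key type, base64 blob and optional comment, possibly preceded by options.
KEY_RE = re.compile(r"(?:^|\s)(ssh-[a-z0-9-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")

def md5_fingerprint(blob: bytes) -> str:
    """Hex MD5 of the decoded public-key blob (classic SSH fingerprint, no colons)."""
    return hashlib.md5(blob).hexdigest()

def audit_authorized_keys(text: str, blacklist: set) -> list:
    """Return (line_no, comment, fingerprint) for every blacklisted key in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            continue
        key_type, b64, comment = m.group(1), m.group(2), m.group(3) or ""
        try:
            blob = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            continue
        # The blob starts with a length-prefixed copy of the key type; skip mismatches.
        n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if blob[4:4 + n] != key_type.encode():
            continue
        fp = md5_fingerprint(blob)
        if fp in blacklist:
            hits.append((line_no, comment, fp))
    return hits

def _blob(modulus: bytes) -> bytes:
    """Constructed ssh-rsa blob: string "ssh-rsa", mpint e=65537, mpint n."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + modulus]
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

WEAK, GOOD = _blob(b"\xc1" * 128), _blob(b"\xd3" * 128)  # constructed, not real keys
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    "ssh-rsa " + base64.b64encode(GOOD).decode() + " root@box",
    'command="/bin/true",no-pty ssh-rsa ' + base64.b64encode(WEAK).decode() + " joe@laptop",
])
BLACKLIST = {md5_fingerprint(WEAK)}  # constructed; not Debian's real list

if __name__ == "__main__":
    for line_no, comment, fp in audit_authorized_keys(SAMPLE, BLACKLIST):
        print(f"line {line_no}: {comment} uses blacklisted key {fp}")
```

Any key reported this way should be removed from authorized_keys and regenerated on a system that is not affected.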

If you want to test your SSH servers remotely, you can use the debian_ssh_scan utility available on ITsecurity.net. Other tools can be found on the dedicated Metasploit page.

  • First, download and install it:
    urpmi python-paramiko
    cd /tmp
    wget http://itsecurity.net/debian_ssh_scan_v3.tar.bz2
    tar -jxvf debian_ssh_scan_v3.tar.bz2
    cd debian_ssh_scan_v3
    
  • Then, to check if the remote host with the IP 10.128.15.110 is vulnerable:
    ./debian_ssh_scan_v3.py 10.128.15.110
    
