以下摘自metasploit的blog

TheBug

OnMay13th,2008theDebianprojectannouncedthatLucianoBellofoundaninterestingvulnerabilityintheOpenSSLpackagetheyweredistributing.Thebuginquestionwascausedbytheremovalofthefollowinglineofcodefrommd_rand.c

MD_Update(&m,buf,j);

[..]

MD_Update(&m,buf,j);/*purifycomplains*/

TheselineswereremovedbecausetheycausedtheValgrindandPurifytoolstoproducewarningsabouttheuseofuninitializeddatainanycodethatwaslinkedtoOpenSSL.YoucanseeonesuchreporttotheOpenSSLteamhere.RemovingthiscodehasthesideeffectofcripplingtheseedingprocessfortheOpenSSLPRNG.Insteadofmixinginrandomdatafortheinitialseed,theonly“random”valuethatwasusedwasthecurrentprocessID.OntheLinuxplatform,thedefaultmaximumprocessIDis32,768,resultinginaverysmallnumberofseedvaluesbeingusedforallPRNGoperations.

所有在2006.9月到2008.5.13的debian平台上生成的key均受影响。debian很快修复了此漏洞，并给出了blacklists和自查工具。

攻击工具应该很快会出现，metasploit已经生成了key的数据库，可以用类似rainbow的方法去查询，也可以直接暴力破解sshkey。

现在就等worm什么时候出现了。

因为这个漏洞比较严重，所以特此记录，立此存照。

相关链接：

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516

http://metasploit.com/users/hdm/tools/debian-openssl/

http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61666

http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/61606

http://www.debian.org/security/2008/dsa-1571