Alarming open-source security holes found

the vulnerability was announced, computer hacker H. D. Moore of the
Metasploit
project released a set of “toys” for cracking the keys of these
poor Linux and Ubuntu computer systems. As of this past Sunday, Moore’s Web site had downloadable files
of pre-computed keys, just to make it easier to identify vulnerable computer
systems. Unlike the common buffer overflow bug, which can be fixed by loading
new software, keys created with the buggy software don’t get better when the
computer is patched: instead, new keys have to be generated and installed.
Complicating the process is the fact that keys also need to be certified and
distributed: the process is time consuming, complex, and error prone. Nobody
knows just how many systems are affected by this problem, because cryptographic
keys are portable: vulnerable keys could have been generated on a Debian system
in one office and then installed on a server running Windows in another. Debian
is a favored Linux distribution of many security professionals, and Ubuntu is
one of the most popular Linux distributions for general use, so the reach of
the problem could be quite widespread.

How did
the programmers make the mistake in the first place? Ironically, they were
using an automated tool designed to catch the kinds of programming bugs that
lead to security vulnerabilities. The tool, called Valgrind,
discovered that the OpenSSL library was using a block of memory without initializing
the memory to a known state — for example, setting the block’s contents to be
all zeros. Normally, it is a mistake to use memory without setting it to a
known value, but in this case, that unknown state was being intentionally used
by the OpenSSL library to help generate randomness. The uninitialized memory
was not the only source of randomness: OpenSSL also gets randomness from
sources like mouse movements, keystroke timings, the arrival of packets at the
network interface, and even microvariations in the speed of the computer’s hard disk. When the programmers
saw the errors generated by Valgrind, however, they commented out the offending
lines — and removed all the sources of randomness used to generate keys except
for one, an integer called the process ID that can range from 0 to 32,767. “Never
fix a bug you don’t understand!” raved OpenSSL developer Ben Laurie on
his blog after the full extent of the error became known. Laurie
blames the Debian developers for trying to fix the “bug” in the
version of OpenSSL distributed with the Debian and Ubuntu operating systems,
rather than sending the fix to the OpenSSL developers. “Had Debian done
this in this case,” he wrote, “we (the OpenSSL Team) would have
fallen about laughing, and once we had got our breath back, told them what a
terrible idea this was. But no, it seems that every vendor wants to ‘add value’
by getting in between the user of the software and its author.”

Garfinkel
says that perhaps the more disconcerting
is what this story tells us about the security of open-source software — and
about the security of software in general. One developer noticed a problem,
proposed a fix, and got the fix approved by a small number of people who did not
really understand the implications of what was being suggested. The result:
communications that should have been cryptographically protected between
millions of computer systems all over the world were not really protected at
all. Two years ago, Steve Gibson, a highly respected security consultant,
alleged that a significant bug found in some Microsoft software had more in common with a programmer trying to create an
intentional “back door” than with yet another Microsoft
coding error. “The Debian OpenSSL randomness error was almost certainly an
innocent mistake,” writes Garfinekl. “But what if a country like China or Russia wanted to intentionally introduce
secret vulnerabilities into our open-source software? Well concealed, such
vulnerabilities might lay hidden for years. One thing is for sure: we should
expect to discover more of these vulnerabilities as time goes on.”