The ThreatCon is at level 2. Advisories have been released addressing an issue related to weak key generation in Debian and its variants, such as Ubuntu. Because the OpenSSL package on these systems uses a weak random number generator, the system generates weak keys when installing services such as Secure Shell (SSH) and OpenVPN.

To fix this issue, users are advised to apply the available updates for the OpenSSL library and to regenerate all cryptographic keys previously generated by the library. Keys generated by the GnuPG and GnuTLS packages are reportedly unaffected.

Several tools are already available that allow a brute-force attack against the weak keys. H D Moore has released a database of all weak keys generated for a typical encryption key space:


(http://metasploit.com/users/hdm/tools/debian-openssl/)


A script to brute-force the keys using that database has also been released on milw0rm by M. Mueller:


(http://www.milw0rm.com/exploits/5622)


These tools could be used to bypass key-based login for shell services such as SSH. Other potential tools could be used to decrypt traffic such as login information or to forge digital signatures.

The Debian advisory addressing the issue provides information on how to tell if your system was using vulnerable keys.
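As an added illustration (not code from the advisories or from Symantec), the following sketch audits an `authorized_keys`-style file by computing each key's MD5 fingerprint, the value `ssh-keygen -l` printed at the time, and comparing it with a list of known-weak fingerprints. The blocklist format (hex MD5 fingerprints or trailing portions of them), the function names and all sample keys are assumptions constructed for the example.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss")  # key types checked by this example

def md5_fingerprint(line):
    """Return (key_type, hex MD5 of the key blob) for a public-key line, else None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue  # e.g. the key type name appeared inside a command="..." option
        # A real key blob starts with a length-prefixed copy of the key type.
        if blob[4:4 + len(field)] == field.encode():
            return field, hashlib.md5(blob).hexdigest()
    return None

def audit_keys(text, weak_fingerprints):
    """Return [(line_no, key_type, fingerprint)] for keys matching the blocklist."""
    weak = {w.strip().lower().replace(":", "") for w in weak_fingerprints if w.strip()}
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        parsed = md5_fingerprint(line)
        if parsed and any(parsed[1].endswith(w) for w in weak):
            hits.append((line_no, *parsed))
    return hits

def constructed_key(key_type, filler):
    """Build a syntactically valid, non-functional key line for the demo."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + filler
    return f"{key_type} {base64.b64encode(blob).decode()} demo"

# Constructed sample file: three fake keys and a comment line.
SAMPLE = "\n".join([
    constructed_key("ssh-rsa", b"A" * 32),
    'command="/bin/true" ' + constructed_key("ssh-rsa", b"B" * 32),
    "# comment",
    constructed_key("ssh-dss", b"C" * 32),
])
# Constructed blocklist: the tail of key 2's fingerprint stands in for a published entry.
WEAK = [md5_fingerprint(constructed_key("ssh-rsa", b"B" * 32))[1][12:]]

if __name__ == "__main__":
    for line_no, key_type, fp in audit_keys(SAMPLE, WEAK):
        print(f"line {line_no}: {key_type} {fp} is on the weak-key list; regenerate it")
```

Any key that is flagged should be removed from the file and replaced with one generated after the OpenSSL update has been applied.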

The following Debian and Ubuntu advisories are available:

DSA-1571-1 openssl -- predictable random number generator

(http://www.debian.org/security/2008/dsa-1571)


USN-612-1: OpenSSL vulnerability

(http://www.ubuntu.com/usn/USN-612-1)