Kaushal Shriyan
2024-Jan-23 16:04 UTC
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi,

I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise Linux release 8.7 (Ootpa). The details are as follows.

# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64

# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Synopsis
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Description
The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security.
Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.
See Also
https://terrapin-attack.com/

Solution
Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.9
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16

References
CVE CVE-2023-48795

Is there a way to configure /etc/ssh/sshd_config to mitigate SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)?

Please guide me.

Thanks in advance.

Best Regards,

Kaushal
Johnnie W Adams
2024-Jan-23 16:09 UTC
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find RedHat's CVE page on this useful:

https://access.redhat.com/security/cve/cve-2023-48795

On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:

> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
> openssh-8.0p1-16.el8.x86_64
> openssh-askpass-8.0p1-16.el8.x86_64
> openssh-server-8.0p1-16.el8.x86_64
> openssh-clients-8.0p1-16.el8.x86_64
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux release 8.7 (Ootpa)
> #
>
> SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
>
> Synopsis
> The remote SSH server is vulnerable to a mitm prefix truncation attack.
> Description
> The remote SSH server is vulnerable to a man-in-the-middle prefix
> truncation weakness known as Terrapin.
> This can allow a remote, man-in-the-middle attacker to bypass integrity
> checks and downgrade the
> connection's security.
> Note that this plugin only checks for remote SSH servers that support
> either ChaCha20-Poly1305 or CBC
> with Encrypt-then-MAC and do not support the strict key exchange
> countermeasures. It does not check for
> vulnerable software versions.
> See Also
> https://terrapin-attack.com/
>
> Solution
> Contact the vendor for an update with the strict key exchange
> countermeasures or disable the affected
> algorithms.
> Risk Factor
> Medium
> CVSS v3.0 Base Score
> 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
> CVSS v3.0 Temporal Score
> 5.3 (CVSS:3.0/E:P/RL:O/RC:C)
> VPR Score
> 6.9
> CVSS v2.0 Base Score
> 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
> CVSS v2.0 Temporal Score
> 4.2 (CVSS2#E:POC/RL:OF/RC:C)
> 187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16
>
> References
> CVE CVE-2023-48795
>
> Is there a way to configure /etc/ssh/sshd_config to mitigate SSH Terrapin
> Prefix Truncation Weakness (CVE-2023-48795)?
>
> Please guide me.
>
> Thanks in advance.
>
> Best Regards,
>
> Kaushal
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit IT Security <http://ualr.edu/itservices/security/>.
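
The scanner text quoted in this thread ties the finding to two algorithm families: ChaCha20-Poly1305, and CBC ciphers combined with Encrypt-then-MAC. As an added example (not part of either post, and not OpenSSH or Red Hat code), the shell function below reads server settings in the lowercase `ciphers` / `macs` form that `sshd -T` prints and lists which of those are enabled. The two sample configurations are constructed, and the check does not look at strict key exchange support.

```shell
#!/bin/sh
# Added example: flag Terrapin-affected algorithms in `sshd -T`-style output.
# Reads the configuration on stdin, prints one finding per line, and returns
# 1 if any affected algorithm is enabled, 0 otherwise.
terrapin_affected() {
    awk '
        BEGIN { bad = 0; cbc = ""; etm = "" }
        $1 == "ciphers" { nc = split($2, c, ",") }
        $1 == "macs"    { nm = split($2, m, ",") }
        END {
            for (i = 1; i <= nc; i++) {
                if (c[i] == "chacha20-poly1305@openssh.com") {
                    print "cipher " c[i]; bad = 1
                }
                # Matches aes256-cbc as well as rijndael-cbc@lysator.liu.se
                if (c[i] ~ /-cbc(@|$)/)
                    cbc = cbc (cbc != "" ? "," : "") c[i]
            }
            for (i = 1; i <= nm; i++)
                if (m[i] ~ /-etm@openssh\.com$/)
                    etm = etm (etm != "" ? "," : "") m[i]
            # CBC only counts when an Encrypt-then-MAC mode is also offered.
            if (cbc != "" && etm != "") {
                print "cbc+etm " cbc " with " etm; bad = 1
            }
            exit bad
        }'
}

# Constructed sample inputs (not taken from the host in this thread).
SAMPLE_WEAK='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-256'
SAMPLE_HARDENED='ciphers aes256-gcm@openssh.com,aes128-ctr
macs hmac-sha2-256,hmac-sha2-512'

printf '%s\n' "$SAMPLE_WEAK" | terrapin_affected \
    || echo "=> affected algorithms enabled"
printf '%s\n' "$SAMPLE_HARDENED" | terrapin_affected \
    && echo "=> no affected algorithms enabled"
```

On a live server, pipe the output of `sshd -T` (run as root) into `terrapin_affected` instead of the samples.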