SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)

Kaushal Shriyan kaushalshriyan at gmail.com
Wed Jan 24 03:04:16 AEDT 2024


Hi,

I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
Linux release 8.7 (Ootpa). The details are as follows.

# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64

# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#

SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

Synopsis
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Description
The remote SSH server is vulnerable to a man-in-the-middle prefix
truncation weakness known as Terrapin.
This can allow a remote, man-in-the-middle attacker to bypass integrity
checks and downgrade the
connection's security.
Note that this plugin only checks for remote SSH servers that support
either ChaCha20-Poly1305 or CBC
with Encrypt-then-MAC and do not support the strict key exchange
countermeasures. It does not check for
vulnerable software versions.
See Also
https://terrapin-attack.com/

Solution
Contact the vendor for an update with the strict key exchange
countermeasures or disable the affected
algorithms.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.9
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16

References
CVE CVE-2023-48795

Is there a way to configure /etc/ssh/sshd_config to mitigate SSH Terrapin
Prefix Truncation Weakness (CVE-2023-48795)?

Please guide me.

Thanks in advance.

Best Regards,

Kaushal


More information about the openssh-unix-dev mailing list