SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Kaushal Shriyan
kaushalshriyan at gmail.com
Wed Jan 24 03:04:16 AEDT 2024
Hi,
I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
Linux release 8.7 (Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
Synopsis
The remote SSH server is vulnerable to a mitm prefix truncation attack.
Description
The remote SSH server is vulnerable to a man-in-the-middle prefix
truncation weakness known as Terrapin. This can allow a remote,
man-in-the-middle attacker to bypass integrity checks and downgrade
the connection's security.
Note that this plugin only checks for remote SSH servers that support
either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not
support the strict key exchange countermeasures. It does not check for
vulnerable software versions.
See Also
https://terrapin-attack.com/
Solution
Contact the vendor for an update with the strict key exchange
countermeasures or disable the affected algorithms.
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
6.9
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16
References
CVE CVE-2023-48795
Is there a way to configure /etc/ssh/sshd_config to mitigate SSH Terrapin
Prefix Truncation Weakness (CVE-2023-48795)?
Please guide me.
Thanks in advance.
Best Regards,
Kaushal
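
Added example, not part of the original message and not OpenSSH or vendor code: the condition the plugin text above describes (ChaCha20-Poly1305, or CBC together with Encrypt-then-MAC) checked against the effective Ciphers and MACs lists as printed by `sshd -T`. The sample output and all function names are constructed for illustration; strict key exchange support depends on the installed build and does not appear in these lists, so it is not checked here.

```python
# Added example: flag the algorithms the scan plugin describes in `sshd -T` output.
CHACHA = "chacha20-poly1305@openssh.com"

# Constructed sample of `sshd -T` output; not taken from the poster's host.
SAMPLE_SSHD_T = """\
port 22
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes256-cbc
macs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256
"""


def parse_algorithms(sshd_t_output):
    """Return the effective cipher and MAC lists from `sshd -T` style text."""
    algs = {"ciphers": [], "macs": []}
    for line in sshd_t_output.splitlines():
        parts = line.split(None, 1)  # keyword, then comma-separated value
        if len(parts) == 2 and parts[0].lower() in algs:
            algs[parts[0].lower()] = [a for a in parts[1].strip().split(",") if a]
    return algs


def terrapin_findings(sshd_t_output):
    """List the affected modes: ChaCha20-Poly1305, or CBC together with EtM."""
    algs = parse_algorithms(sshd_t_output)
    cbc = [c for c in algs["ciphers"] if "-cbc" in c]
    etm = [m for m in algs["macs"] if m.endswith("-etm@openssh.com")]
    findings = []
    if CHACHA in algs["ciphers"]:
        findings.append("cipher offered: " + CHACHA)
    if cbc and etm:
        findings.append("CBC with Encrypt-then-MAC possible: %s + %s"
                        % (",".join(cbc), ",".join(etm)))
    return findings


def restricted_lines(sshd_t_output):
    """Build Ciphers/MACs lines with ChaCha20-Poly1305 and EtM MACs removed."""
    algs = parse_algorithms(sshd_t_output)
    ciphers = [c for c in algs["ciphers"] if c != CHACHA]
    macs = [m for m in algs["macs"] if not m.endswith("-etm@openssh.com")]
    if not ciphers or not macs:
        # Refuse to emit a line that would leave the server with no algorithm.
        raise ValueError("filtering would leave an empty algorithm list")
    return ["Ciphers " + ",".join(ciphers), "MACs " + ",".join(macs)]


if __name__ == "__main__":
    for finding in terrapin_findings(SAMPLE_SSHD_T):
        print("FINDING:", finding)
    print("\n".join(restricted_lines(SAMPLE_SSHD_T)))
```

On a host, pass in the text printed by `sshd -T` (run as root) instead of the sample, and re-run it after any configuration change to confirm the effective lists.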