SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Johnnie W Adams
jxadams at ualr.edu
Wed Jan 24 03:09:00 AEDT 2024
You might find RedHat's CVE page on this useful:
https://access.redhat.com/security/cve/cve-2023-48795
On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:
> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
> openssh-8.0p1-16.el8.x86_64
> openssh-askpass-8.0p1-16.el8.x86_64
> openssh-server-8.0p1-16.el8.x86_64
> openssh-clients-8.0p1-16.el8.x86_64
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux release 8.7 (Ootpa)
> #
>
> SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
>
> Synopsis
> The remote SSH server is vulnerable to a mitm prefix truncation attack.
> Description
> The remote SSH server is vulnerable to a man-in-the-middle prefix
> truncation weakness known as Terrapin.
> This can allow a remote, man-in-the-middle attacker to bypass integrity
> checks and downgrade the
> connection's security.
> Note that this plugin only checks for remote SSH servers that support
> either ChaCha20-Poly1305 or CBC
> with Encrypt-then-MAC and do not support the strict key exchange
> countermeasures. It does not check for
> vulnerable software versions.
> See Also
> https://terrapin-attack.com/
>
> Solution
> Contact the vendor for an update with the strict key exchange
> countermeasures or disable the affected
> algorithms.
> Risk Factor
> Medium
> CVSS v3.0 Base Score
> 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
> CVSS v3.0 Temporal Score
> 5.3 (CVSS:3.0/E:P/RL:O/RC:C)
> VPR Score
> 6.9
> CVSS v2.0 Base Score
> 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
> CVSS v2.0 Temporal Score
> 4.2 (CVSS2#E:POC/RL:OF/RC:C)
> 187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16
>
> References
> CVE CVE-2023-48795
>
> Is there a way to configure /etc/ssh/sshd_config to mitigate SSH Terrapin
> Prefix Truncation Weakness (CVE-2023-48795)?
>
> Please guide me.
>
> Thanks in advance.
>
> Best Regards,
>
> Kaushal
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices
*UA Little Rock*
Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.
More information about the openssh-unix-dev
mailing list