Don't ssh me!

L&LD

Part of the Furniture
This one is kind of interesting - it's narrow in scope, e.g. one has to have very specific alignment so that the attack/compromise can happen.

OpenSSH is affected on both Client and Server - I've read that PuTTY has released their own fix - checking to see where Dropbear lands here, as it was not immediately clear if it was affected or not...
 
It's interesting - OpenSSH, by dint of the association with OpenBSD, was fairly quick to provide a fix for the client and server side - note that both sides need to be fixed...

Most of the other ssh implementations are rolling out fixes now...

It's not as bad as shellshock or heartbleed - but it's close, that's for sure... mostly because of not just the application view, but also the libs that apps call on...

Where things get really interesting is the risk for one of the newer VPN applications/architectures - Wireguard is very dependent on Chacha20-Poly1305, and that is hard-coded...

Let's see where this goes...
 
XShell 7 pushed an update today:


I'll keep an eye on the Dropbear repo over the coming days. Not entirely sure it's really vulnerable since the CVE seems to imply the exploit is related to OpenSSH extensions.
 
Update: Dropbear committed a fix yesterday:


Code:
Add "Strict KEX" support. This mitigates a SSH protocol flaw which lets
  a MITM attacker silently remove packets immediately after the
  first key exchange. At present the flaw does not seem to reduce Dropbear's
  security (the only packet affected would be a server-sig-algs extension,
  which is used for compatibility not security).
  For Dropbear, chacha20-poly1305 is the only affected cipher.
  Both sides of the connection must support Strict KEX for it to be used.

  The protocol flaw is tracked as CVE-2023-48795, details
  at https://terrapin-attack.com . Thanks to the researchers Fabian Bäumer,
  Marcus Brinkmann, and Jörg Schwenk. Thanks to OpenSSH for specifying
  strict KEX mode.
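
Added example (not part of the post above and not Dropbear's code): a checker for the two conditions the commit message names, that both sides must offer Strict KEX and that chacha20-poly1305 is the affected cipher. It parses each side's first SSH_MSG_KEXINIT payload; the marker names come from OpenSSH's strict KEX specification, the function names are hypothetical, and the sample packets are constructed. It checks only the cipher the commit message lists for Dropbear.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"   # marker in client's kex list
STRICT_SERVER = "kex-strict-s-v00@openssh.com"   # marker in server's kex list
CHACHA = "chacha20-poly1305@openssh.com"
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        off += n
    return out

def negotiated(client_list, server_list):
    """First client preference that the server also offers (RFC 4253 rule)."""
    return next((a for a in client_list if a in server_list), None)

def assess(client_payload: bytes, server_payload: bytes) -> dict:
    """Report whether Strict KEX is in effect and whether chacha20-poly1305 is chosen."""
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    strict = STRICT_CLIENT in c["kex"] and STRICT_SERVER in s["kex"]  # both sides
    ciphers = {negotiated(c[d], s[d]) for d in ("enc_c2s", "enc_s2c")}
    chacha = CHACHA in ciphers
    return {"strict_kex": strict, "chacha20_poly1305": chacha,
            "exposed": chacha and not strict}

def build_kexinit(kex, enc):
    """Constructed sample data: a minimal KEXINIT with the given kex/cipher lists."""
    lists = [kex, ["ssh-ed25519"], enc, enc, ["hmac-sha2-256"], ["hmac-sha2-256"],
             ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(b)) + b
                    for b in (",".join(l).encode() for l in lists))
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)
```

A patched client talking to an unpatched server still reports `exposed` when chacha20-poly1305 is negotiated, which is the "both sides need to be fixed" point made earlier in the thread.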
 
Libssh also dropped a fix for this issue...


ChangeLog for libssh 0.10.6

  • Fix CVE-2023-6004: Command injection using proxycommand
  • Fix CVE-2023-48795: Potential downgrade attack using strict kex
  • Fix CVE-2023-6918: Missing checks for return values of MD functions
  • Fix ssh_send_issue_banner() for CMD(PowerShell)
  • Avoid passing other events to callbacks when poll is called recursively (#202)
  • Allow @ in usernames when parsing from URI composes

ChangeLog for libssh 0.9.8

  • Fix CVE-2023-6004: Command injection using proxycommand
  • Fix CVE-2023-48795: Potential downgrade attack using strict kex
  • Fix CVE-2023-6918: Missing checks for return values of MD functions
  • Allow @ in usernames when parsing from URI composes
 
MobaXterm says they are working on a patch now, though they think the threat is very weak (unlikely to be exploited).
 
