Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify exposure to CVE-2023-48795 (Terrapin) #2189

Open
Trolldemorted opened this issue Dec 21, 2023 · 9 comments
Open

Clarify exposure to CVE-2023-48795 (Terrapin) #2189

Trolldemorted opened this issue Dec 21, 2023 · 9 comments

Comments

@Trolldemorted
Copy link

Summary of the new feature / enhancement

As an administrator, I'd like to know whether my fleet is vulnerable to the terrapin attack.

Proposed technical implementation details (optional)

No response

@tgauth
Copy link
Collaborator

tgauth commented Dec 21, 2023

In this case, Win32-OpenSSH is affected in the same way that OpenSSH-Portable, the upstream codebase, is. The release notes for upstream 9.6 have additional context - 9.6 release notes - which describe the impact as the following:

"While cryptographically novel, the security impact of this attack
is fortunately very limited as it only allows deletion of
consecutive messages, and deleting most messages at this stage of
the protocol prevents user user authentication from proceeding and
results in a stuck connection."

The releases notes go on to describe the potential disablement of an extension related to the keystroke timing obfuscation feature introduced upstream in version 9.5. Win32-OpenSSH only recently released version 9.5 with the keystroke timing obfuscation feature, and due to the release cadence, we were actually able to include a cherry-pick of upstream's "strict kex" protocol extension changes that mitigate this issue.

TLDR - the impact of the attack is fortunately very limited, but these are the two options to fully mitigate the vulnerability:

  • Upgrade to the latest Win32-OpenSSH release.
  • For existing Win32-OpenSSH releases, disable the vulnerable ciphers via ssh_config and sshd_config.

@Trolldemorted
Copy link
Author

Trolldemorted commented Dec 21, 2023

Thanks for the elaborate response! Can you estimate when you'll ship a fixed version to W10/W11/WS2022 through windows update?

@tgauth
Copy link
Collaborator

tgauth commented Dec 21, 2023

That's not currently planned for this issue - here is more info on the servicing criteria for Windows.

@TrueSkrillor
Copy link

While I understand that the impact for Win32-OpenSSH is somewhat limited, it still worries me that an update is not even remotely planned (at least, that's how I understand the last comment). "strict kex" as a countermeasure requires both peers to support it. With this in mind, "strict kex" won't be enabled for virtually all connections established by or to Win32-OpenSSH in the near future (because most users won't be updating their built-in SSH manually). This puts Microsoft customers at risk of avoidable Terrapin-style attacks targeting implementation flaws of the server. Also, consider that this combination can quickly escalate the impact of a successful attack up to a full in-session Man-in-the-Middle (as seen by the example of AsyncSSH).

That said, we recommend users update their implementations manually to ensure compatibility with "strict kex".

@compuguy
Copy link

That's not currently planned for this issue - here is more info on the servicing criteria for Windows.

I'm pretty sure it meets both of those bars...IMHO...

mend-for-github-com bot referenced this issue in DelineaXPM/dsv-k8s-sidecar Jan 15, 2024
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| golang.org/x/crypto | `v0.14.0` -> `v0.17.0` |
[![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/golang.org%2fx%2fcrypto/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/golang.org%2fx%2fcrypto/v0.14.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.14.0/v0.17.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2023-48795](https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)

### Summary

Terrapin is a prefix truncation attack targeting the SSH protocol. More
precisely, Terrapin breaks the integrity of SSH's secure channel. By
carefully adjusting the sequence numbers during the handshake, an
attacker can remove an arbitrary amount of messages sent by the client
or server at the beginning of the secure channel without the client or
server noticing it.

### Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called
"strict kex" which alters the SSH handshake to ensure a
Man-in-the-Middle attacker cannot introduce unauthenticated messages as
well as convey sequence number manipulation across handshakes.

**Warning: To take effect, both the client and server must support this
countermeasure.**

As a stop-gap measure, peers may also (temporarily) disable the affected
algorithms and use unaffected alternatives like AES-GCM instead until
patches are available.

### Details

The SSH specifications of ChaCha20-Poly1305
(chacha20-poly1305@​openssh.com) and Encrypt-then-MAC
(*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix
truncation attack (a.k.a. Terrapin attack). This allows for an extension
negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the
first message after SSH_MSG_NEWKEYS, downgrading security, and disabling
attack countermeasures in some versions of OpenSSH. When targeting
Encrypt-then-MAC, this attack requires the use of a CBC cipher to be
practically exploitable due to the internal workings of the cipher mode.
Additionally, this novel attack technique can be used to exploit
previously unexploitable implementation flaws in a Man-in-the-Middle
scenario.

The attack works by an attacker injecting an arbitrary number of
SSH_MSG_IGNORE messages during the initial key exchange and consequently
removing the same number of messages just after the initial key exchange
has concluded. This is possible due to missing authentication of the
excess SSH_MSG_IGNORE messages and the fact that the implicit sequence
numbers used within the SSH protocol are only checked after the initial
key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on
every connection as this cipher does not maintain an internal state
other than the message's sequence number. In the case of
Encrypt-Then-MAC, practical exploitation requires the use of a CBC
cipher; while theoretical integrity is broken for all ciphers when using
this mode, message processing will fail at the application layer for CTR
and stream ciphers.

For more details see
[https://terrapin-attack.com](https://terrapin-attack.com).

### Impact

This attack targets the specification of ChaCha20-Poly1305
(chacha20-poly1305@​openssh.com) and Encrypt-then-MAC
(*-etm@openssh.com), which are widely adopted by well-known SSH
implementations and can be considered de-facto standard. These
algorithms can be practically exploited; however, in the case of
Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a
consequence, this attack works against all well-behaving SSH
implementations supporting either of those algorithms and can be used to
downgrade (but not fully strip) connection security in case SSH
extension negotiation (RFC8308) is supported. The attack may also enable
attackers to exploit certain implementation flaws in a man-in-the-middle
(MitM) scenario.

---

### Man-in-the-middle attacker can compromise integrity of secure
channel in golang.org/x/crypto
[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) /
[GHSA-45x7-px36-x8w8](https://github.com/advisories/GHSA-45x7-px36-x8w8)
/ [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)

<details>
<summary>More information</summary>

#### Details
A protocol weakness allows a MITM attacker to compromise the integrity
of the secure channel before it is established, allowing the attacker to
prevent transmission of a number of messages immediately after the
secure channel is established without either side being aware.

The impact of this attack is relatively limited, as it does not
compromise confidentiality of the channel. Notably this attack would
allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO
message, disabling a handful of newer security features.

This protocol weakness was also fixed in OpenSSH 9.6.

#### Severity
Unknown

#### References
- [https://go.dev/issue/64784](https://go.dev/issue/64784)
- [https://go.dev/cl/550715](https://go.dev/cl/550715)
-
[https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d)
-
[https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg)
-
[https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6)

This data is provided by
[OSV](https://osv.dev/vulnerability/GO-2023-2402) and the [Go
Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY
4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Prefix Truncation Attack against ChaCha20-Poly1305 and
Encrypt-then-MAC aka Terrapin
[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) /
[GHSA-45x7-px36-x8w8](https://github.com/advisories/GHSA-45x7-px36-x8w8)
/ [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)

<details>
<summary>More information</summary>

#### Details
##### Summary

Terrapin is a prefix truncation attack targeting the SSH protocol. More
precisely, Terrapin breaks the integrity of SSH's secure channel. By
carefully adjusting the sequence numbers during the handshake, an
attacker can remove an arbitrary amount of messages sent by the client
or server at the beginning of the secure channel without the client or
server noticing it.

##### Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called
"strict kex" which alters the SSH handshake to ensure a
Man-in-the-Middle attacker cannot introduce unauthenticated messages as
well as convey sequence number manipulation across handshakes.

**Warning: To take effect, both the client and server must support this
countermeasure.**

As a stop-gap measure, peers may also (temporarily) disable the affected
algorithms and use unaffected alternatives like AES-GCM instead until
patches are available.

##### Details

The SSH specifications of ChaCha20-Poly1305
(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC
(*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix
truncation attack (a.k.a. Terrapin attack). This allows for an extension
negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the
first message after SSH_MSG_NEWKEYS, downgrading security, and disabling
attack countermeasures in some versions of OpenSSH. When targeting
Encrypt-then-MAC, this attack requires the use of a CBC cipher to be
practically exploitable due to the internal workings of the cipher mode.
Additionally, this novel attack technique can be used to exploit
previously unexploitable implementation flaws in a Man-in-the-Middle
scenario.

The attack works by an attacker injecting an arbitrary number of
SSH_MSG_IGNORE messages during the initial key exchange and consequently
removing the same number of messages just after the initial key exchange
has concluded. This is possible due to missing authentication of the
excess SSH_MSG_IGNORE messages and the fact that the implicit sequence
numbers used within the SSH protocol are only checked after the initial
key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on
every connection as this cipher does not maintain an internal state
other than the message's sequence number. In the case of
Encrypt-Then-MAC, practical exploitation requires the use of a CBC
cipher; while theoretical integrity is broken for all ciphers when using
this mode, message processing will fail at the application layer for CTR
and stream ciphers.

For more details see
[https://terrapin-attack.com](https://terrapin-attack.com).

##### Impact

This attack targets the specification of ChaCha20-Poly1305
(chacha20-poly1305@&#8203;openssh.com) and Encrypt-then-MAC
(*-etm@openssh.com), which are widely adopted by well-known SSH
implementations and can be considered de-facto standard. These
algorithms can be practically exploited; however, in the case of
Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a
consequence, this attack works against all well-behaving SSH
implementations supporting either of those algorithms and can be used to
downgrade (but not fully strip) connection security in case SSH
extension negotiation (RFC8308) is supported. The attack may also enable
attackers to exploit certain implementation flaws in a man-in-the-middle
(MitM) scenario.

#### Severity
- CVSS Score: 5.9 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N`

#### References
-
[https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8](https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)
-
[https://nvd.nist.gov/vuln/detail/CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795)
-
[https://github.com/PowerShell/Win32-OpenSSH/issues/2189](https://github.com/PowerShell/Win32-OpenSSH/issues/2189)
-
[https://github.com/apache/mina-sshd/issues/445](https://github.com/apache/mina-sshd/issues/445)
-
[https://github.com/cyd01/KiTTY/issues/520](https://github.com/cyd01/KiTTY/issues/520)
-
[https://github.com/hierynomus/sshj/issues/916](https://github.com/hierynomus/sshj/issues/916)
-
[https://github.com/janmojzis/tinyssh/issues/81](https://github.com/janmojzis/tinyssh/issues/81)
-
[https://github.com/mwiede/jsch/issues/457](https://github.com/mwiede/jsch/issues/457)
-
[https://github.com/paramiko/paramiko/issues/2337](https://github.com/paramiko/paramiko/issues/2337)
-
[https://github.com/proftpd/proftpd/issues/456](https://github.com/proftpd/proftpd/issues/456)
-
[https://github.com/ssh-mitm/ssh-mitm/issues/165](https://github.com/ssh-mitm/ssh-mitm/issues/165)
-
[https://github.com/NixOS/nixpkgs/pull/275249](https://github.com/NixOS/nixpkgs/pull/275249)
-
[https://github.com/libssh2/libssh2/pull/1291](https://github.com/libssh2/libssh2/pull/1291)
-
[https://github.com/mwiede/jsch/pull/461](https://github.com/mwiede/jsch/pull/461)
-
[https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0](https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0)
-
[https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab](https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab)
-
[https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d)
-
[https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5](https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5)
-
[https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3](https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3)
-
[https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951](https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951)
-
[https://access.redhat.com/security/cve/cve-2023-48795](https://access.redhat.com/security/cve/cve-2023-48795)
-
[https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/](https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/)
- [https://bugs.gentoo.org/920280](https://bugs.gentoo.org/920280)
-
[https://bugzilla.redhat.com/show_bug.cgi?id=2254210](https://bugzilla.redhat.com/show_bug.cgi?id=2254210)
-
[https://bugzilla.suse.com/show_bug.cgi?id=1217950](https://bugzilla.suse.com/show_bug.cgi?id=1217950)
-
[https://crates.io/crates/thrussh/versions](https://crates.io/crates/thrussh/versions)
-
[https://filezilla-project.org/versions.php](https://filezilla-project.org/versions.php)
-
[https://forum.netgate.com/topic/184941/terrapin-ssh-attack](https://forum.netgate.com/topic/184941/terrapin-ssh-attack)
-
[https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6](https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6)
-
[https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta)
-
[https://github.com/TeraTermProject/teraterm/releases/tag/v5.1](https://github.com/TeraTermProject/teraterm/releases/tag/v5.1)
-
[https://github.com/advisories/GHSA-45x7-px36-x8w8](https://github.com/advisories/GHSA-45x7-px36-x8w8)
-
[https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22](https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22)
-
[https://github.com/drakkan/sftpgo/releases/tag/v2.5.6](https://github.com/drakkan/sftpgo/releases/tag/v2.5.6)
-
[https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42](https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42)
-
[https://github.com/erlang/otp/releases/tag/OTP-26.2.1](https://github.com/erlang/otp/releases/tag/OTP-26.2.1)
-
[https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25](https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25)
-
[https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15](https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15)
-
[https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16](https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16)
-
[https://github.com/openssh/openssh-portable/commits/master](https://github.com/openssh/openssh-portable/commits/master)
-
[https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES](https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES)
-
[https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES](https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES)
-
[https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES](https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES)
-
[https://github.com/rapier1/hpn-ssh/releases](https://github.com/rapier1/hpn-ssh/releases)
-
[https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst](https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst)
-
[https://github.com/ronf/asyncssh/tags](https://github.com/ronf/asyncssh/tags)
-
[https://github.com/warp-tech/russh](https://github.com/warp-tech/russh)
-
[https://github.com/warp-tech/russh/releases/tag/v0.40.2](https://github.com/warp-tech/russh/releases/tag/v0.40.2)
-
[https://gitlab.com/libssh/libssh-mirror/-/tags](https://gitlab.com/libssh/libssh-mirror/-/tags)
- [https://go.dev/cl/550715](https://go.dev/cl/550715)
- [https://go.dev/issue/64784](https://go.dev/issue/64784)
-
[https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ](https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ)
-
[https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg)
-
[https://help.panic.com/releasenotes/transmit5/](https://help.panic.com/releasenotes/transmit5/)
-
[https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/](https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/)
-
[https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html](https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/)
-
[https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/)
-
[https://matt.ucc.asn.au/dropbear/CHANGES](https://matt.ucc.asn.au/dropbear/CHANGES)
-
[https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC](https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC)
-
[https://news.ycombinator.com/item?id=38684904](https://news.ycombinator.com/item?id=38684904)
-
[https://news.ycombinator.com/item?id=38685286](https://news.ycombinator.com/item?id=38685286)
-
[https://news.ycombinator.com/item?id=38732005](https://news.ycombinator.com/item?id=38732005)
- [https://nova.app/releases/#v11.8](https://nova.app/releases/#v11.8)
-
[https://oryx-embedded.com/download/#changelog](https://oryx-embedded.com/download/#changelog)
-
[https://roumenpetrov.info/secsh/#news20231220](https://roumenpetrov.info/secsh/#news20231220)
-
[https://security-tracker.debian.org/tracker/CVE-2023-48795](https://security-tracker.debian.org/tracker/CVE-2023-48795)
-
[https://security-tracker.debian.org/tracker/source-package/libssh2](https://security-tracker.debian.org/tracker/source-package/libssh2)
-
[https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg](https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg)
-
[https://security-tracker.debian.org/tracker/source-package/trilead-ssh2](https://security-tracker.debian.org/tracker/source-package/trilead-ssh2)
-
[https://security.gentoo.org/glsa/202312-16](https://security.gentoo.org/glsa/202312-16)
-
[https://security.gentoo.org/glsa/202312-17](https://security.gentoo.org/glsa/202312-17)
-
[https://security.netapp.com/advisory/ntap-20240105-0004/](https://security.netapp.com/advisory/ntap-20240105-0004/)
-
[https://thorntech.com/cve-2023-48795-and-sftp-gateway/](https://thorntech.com/cve-2023-48795-and-sftp-gateway/)
-
[https://twitter.com/TrueSkrillor/status/1736774389725565005](https://twitter.com/TrueSkrillor/status/1736774389725565005)
-
[https://ubuntu.com/security/CVE-2023-48795](https://ubuntu.com/security/CVE-2023-48795)
-
[https://winscp.net/eng/docs/history#6.2.2](https://winscp.net/eng/docs/history#6.2.2)
-
[https://www.bitvise.com/ssh-client-version-history#933](https://www.bitvise.com/ssh-client-version-history#933)
-
[https://www.bitvise.com/ssh-server-version-history](https://www.bitvise.com/ssh-server-version-history)
-
[https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html](https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html)
-
[https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update](https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update)
-
[https://www.debian.org/security/2023/dsa-5586](https://www.debian.org/security/2023/dsa-5586)
-
[https://www.debian.org/security/2023/dsa-5588](https://www.debian.org/security/2023/dsa-5588)
-
[https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc](https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc)
-
[https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508](https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508)
-
[https://www.netsarang.com/en/xshell-update-history/](https://www.netsarang.com/en/xshell-update-history/)
-
[https://www.openssh.com/openbsd.html](https://www.openssh.com/openbsd.html)
-
[https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6)
-
[https://www.openwall.com/lists/oss-security/2023/12/18/2](https://www.openwall.com/lists/oss-security/2023/12/18/2)
-
[https://www.openwall.com/lists/oss-security/2023/12/20/3](https://www.openwall.com/lists/oss-security/2023/12/20/3)
-
[https://www.paramiko.org/changelog.html](https://www.paramiko.org/changelog.html)
-
[https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/](https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/)
-
[https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/](https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/)
- [https://www.terrapin-attack.com](https://www.terrapin-attack.com)
-
[https://www.theregister.com/2023/12/20/terrapin_attack_ssh](https://www.theregister.com/2023/12/20/terrapin_attack_ssh)
-
[https://www.vandyke.com/products/securecrt/history.txt](https://www.vandyke.com/products/securecrt/history.txt)
-
[http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html](http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html)
-
[http://www.openwall.com/lists/oss-security/2023/12/18/3](http://www.openwall.com/lists/oss-security/2023/12/18/3)
-
[http://www.openwall.com/lists/oss-security/2023/12/19/5](http://www.openwall.com/lists/oss-security/2023/12/19/5)
-
[http://www.openwall.com/lists/oss-security/2023/12/20/3](http://www.openwall.com/lists/oss-security/2023/12/20/3)

This data is provided by
[OSV](https://osv.dev/vulnerability/GHSA-45x7-px36-x8w8) and the [GitHub
Advisory Database](https://github.com/github/advisory-database)
([CC-BY
4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41Mi4wIiwidXBkYXRlZEluVmVyIjoiMzcuMTA4LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>
@maertendMSFT
Copy link
Collaborator

This was rediscussed and the position remains unchanged. The 9.5 release is available with the mitigation. ssh_config and sshd_config can be modified to remediate this risk. Future releases of Windows will be based on 9.5+ and the risk will not be present.

@awakecoding
Copy link

Hi - I maintain a downstream fork of Win32-OpenSSH with patches and builds for non-Windows platforms, can you clarify which tags in https://github.com/PowerShell/openssh-portable have the mitigation in place, and which commit contains the backported mitigation for Terrapin? Is the Win32-OpenSSH v9.5.0.0 tag safe? Has the mitigation been backported to other tags on the repository? Thanks!

@tgauth
Copy link
Collaborator

tgauth commented Feb 1, 2024

@JuliusBairaktaris
Copy link

Hey, as @maertendMSFT already pointed out, you can mitigate the vulnerability on versions <v9.5 by modifying your ssh config. I have created a PS script to help with this tedious task for users who do not want to switch to the "beta" version of OpenSSH for Windows.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants