The officially official Devuan Forum!

#1 2023-12-18 18:52:00

siva
Member
Registered: 2018-01-25
Posts: 282  

Terrapin SSH vulnerability

CVE Page: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

Article: https://terrapin-attack.com/

Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

The attack can be performed in practice, allowing an attacker to downgrade the connection's security by truncating the extension negotiation message (RFC8308) from the transcript. The truncation can lead to using less secure client authentication algorithms and deactivating specific countermeasures against keystroke timing attacks in OpenSSH 9.5.

We also showed that Terrapin can be used to enable the exploitation of implementation flaws. For example, we found several weaknesses in the AsyncSSH servers' state machine, allowing an attacker to sign a victim's client into another account without the victim noticing. Hence, it will enable strong phishing attacks and may grant the attacker Man-in-the-Middle (MitM) capabilities within the encrypted session.

To perform the Terrapin attack in practice, we require MitM capabilities at the network layer (the attacker must be able to intercept and modify the connection's traffic). Additionally, the connection must be secured by either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC. However, our scan indicates an extensive adoption of these encryption modes; therefore, Terrapin applies to most real-world SSH sessions.

Quick and dirty run of the scanner:

$ go version
go version go1.21.4 linux/arm64
$ git clone https://github.com/RUB-NDS/Terrapin-Scanner/
Cloning into 'Terrapin-Scanner'...
remote: Enumerating objects: 41, done.
remote: Counting objects: 100% (41/41), done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 41 (delta 17), reused 32 (delta 12), pack-reused 0
Receiving objects: 100% (41/41), 13.50 KiB | 1.35 MiB/s, done.
Resolving deltas: 100% (17/17), done.
$ cd Terrapin-Scanner
$ mkdir bin  
$ env GOBIN="$(pwd)/bin" go install github.com/RUB-NDS/Terrapin-Scanner@latest
go: downloading github.com/RUB-NDS/Terrapin-Scanner v1.0.2
$ cd bin
$ ls
Terrapin-Scanner
$ ssh devuan@10.37.130.8 "ssh -V && uname -a && lsb_release -a"
devuan@10.37.130.8's password: 
OpenSSH_9.2p1 Debian-2+deb12u1, OpenSSL 3.0.11 19 Sep 2023
Linux devuan 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.38-1 (2023-07-14) x86_64 GNU/Linux
Distributor ID:    Devuan
Description:    Devuan GNU/Linux 5 (daedalus)
Release:    5
Codename:    daedalus
$ ./Terrapin-Scanner -connect 10.37.130.8:22
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

==> The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com
$

Last edited by siva (2023-12-18 19:25:24)
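
The three report lines above (ChaCha20-Poly1305, CBC-EtM, strict key exchange) can be derived from the algorithm name-lists in a server's SSH_MSG_KEXINIT. The following Go sketch is an added example, not part of the original post and not the Terrapin-Scanner's code: the function names are hypothetical, the payload is constructed rather than captured, and the matching rules (the `chacha20-poly1305@openssh.com` cipher, a `-cbc` cipher together with an `-etm@openssh.com` MAC, the `kex-strict-s-v00@openssh.com` marker) are an assumption about what the report checks.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// parseKexInit returns the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1).
func parseKexInit(p []byte) (l [10]string, err error) {
	if len(p) < 17 || p[0] != 20 {
		return l, errors.New("not an SSH_MSG_KEXINIT payload")
	}
	p = p[17:] // skip the message type byte and the 16-byte cookie
	for i := range l {
		if len(p) < 4 || uint64(binary.BigEndian.Uint32(p)) > uint64(len(p)-4) {
			return l, errors.New("truncated name-list")
		}
		n := binary.BigEndian.Uint32(p)
		l[i], p = string(p[4:4+n]), p[4+n:]
	}
	return l, nil
}

// vulnerable: an affected mode is offered and strict key exchange is not advertised (assumed rule).
func vulnerable(l [10]string) bool {
	// Wrap each list in commas so a whole name or a name suffix can be matched as a substring.
	kex, ciphers, macs := ","+l[0]+",", ","+l[2]+","+l[3]+",", ","+l[4]+","+l[5]+","
	chacha := strings.Contains(ciphers, ",chacha20-poly1305@openssh.com,")
	cbcEtm := strings.Contains(ciphers, "-cbc,") && strings.Contains(macs, "-etm@openssh.com,")
	strict := strings.Contains(kex, ",kex-strict-s-v00@openssh.com,")
	return (chacha || cbcEtm) && !strict
}

// sampleKexInit builds a constructed payload (not a capture) from ten name-lists.
func sampleKexInit(lists [10]string) []byte {
	p := append([]byte{20}, make([]byte, 16)...) // type 20, all-zero cookie
	for _, s := range lists {
		p = append(binary.BigEndian.AppendUint32(p, uint32(len(s))), s...)
	}
	return append(p, 0, 0, 0, 0, 0) // first_kex_packet_follows and reserved field
}

func main() {
	l, err := parseKexInit(sampleKexInit([10]string{"curve25519-sha256", "ssh-ed25519",
		"chacha20-poly1305@openssh.com", "aes256-ctr", "hmac-sha2-256", "hmac-sha2-256", "none", "none"}))
	fmt.Println("vulnerable:", vulnerable(l), "error:", err)
}
```

Strict key exchange only takes effect when both client and server advertise it, so a server-side result like this covers one half of a connection.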

#2 2023-12-18 20:11:23

quickfur
Member
Registered: 2023-12-14
Posts: 431  

Re: Terrapin SSH vulnerability

Ouch!

Patched my ssh servers/clients. Thanks for the note!
