Re: SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)

[Jacob M Cutright <cutrightjm@xxxxxx>]

A default RHEL 8/9 system is going to use the system-wide crypto 
policies per /etc/sysconfig/sshd. Below is just a summarized version of 
https://access.redhat.com/security/cve/cve-2023-48795

We can add in a cryptop-policies sub policy by creating the following file:

cat << EOF > /etc/crypto-policies/policies/modules/CVE-2023-48795.pmod
cipher@SSH = -CHACHA20-POLY1305
ssh_etm = 0
EOF

Append this crypto policy to your current system crypto policies:
update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795


Verify the new policy has taken place:
update-crypto-policies --show

Restart the application as recommended by command output:
systemctl restart sshd.service

Thanks,
Jacob

On 1/23/2024 11:02 AM, Kaushal Shriyan wrote:
> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise 
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
> openssh-8.0p1-16.el8.x86_64
> openssh-askpass-8.0p1-16.el8.x86_64
> openssh-server-8.0p1-16.el8.x86_64
> openssh-clients-8.0p1-16.el8.x86_64
>
> # cat /etc/redhat-release
> Red Hat Enterprise Linux release 8.7 (Ootpa)
> #
>
> SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)
>
> Synopsis
> The remote SSH server is vulnerable to a mitm prefix truncation attack.
> Description
> The remote SSH server is vulnerable to a man-in-the-middle prefix 
> truncation weakness known as Terrapin.
> This can allow a remote, man-in-the-middle attacker to bypass integrity 
> checks and downgrade the
> connection's security.
> Note that this plugin only checks for remote SSH servers that support 
> either ChaCha20-Poly1305 or CBC
> with Encrypt-then-MAC and do not support the strict key exchange 
> countermeasures. It does not check for
> vulnerable software versions.
> See Also
> https://terrapin-attack.com/ <https://terrapin-attack.com/>
>
> Solution
> Contact the vendor for an update with the strict key exchange 
> countermeasures or disable the affected
> algorithms.
> Risk Factor
> Medium
> CVSS v3.0 Base Score
> 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
> CVSS v3.0 Temporal Score
> 5.3 (CVSS:3.0/E:P/RL:O/RC:C)
> VPR Score
> 6.9
> CVSS v2.0 Base Score
> 5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N)
> CVSS v2.0 Temporal Score
> 4.2 (CVSS2#E:POC/RL:OF/RC:C)
> 187315 (10) - SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) 16
>
> References
> CVE CVE-2023-48795
>
> Is there a way to configure /etc/ssh/sshd_config to mitigate SSH 
> Terrapin Prefix Truncation Weakness (CVE-2023-48795)
>
> Please guide me.
>
> Thanks in advance.
>
> Best Regards,
>
> Kaushal
>
> --
> You received this message because you are subscribed to the Google 
> Groups "redhat-list@xxxxxxxxxx" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to redhat-list+unsubscribe@xxxxxxxxxx 
> <mailto:redhat-list+unsubscribe@xxxxxxxxxx>.

--
You received this message because you are subscribed to the Google Groups "redhat-list@xxxxxxxxxx" group.
To unsubscribe from this group and stop receiving emails from it, send an email to redhat-list+unsubscribe@xxxxxxxxxx.