CVE-2023-48795
Published: 18 December 2023
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
Notes
| Author | Note |
|---|---|
| mdeslaur | Per upstream openssh developers: While cryptographically novel, the security impact of this attack is fortunately very limited as it only allows deletion of consecutive messages, and deleting most messages at this stage of the protocol prevents user user authentication from proceeding and results in a stuck connection. The most serious identified impact is that it lets a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5. There is no other discernable impact to session secrecy or session integrity. |
| sbeattie | putty fixes include some refactoring commits that are used by the added strict kex mode support |
| seth-arnold | openssh-ssh1 is provided for compatibility with old devices that cannot be upgraded to modern protocols. Thus we may not provide security support for this package if doing so would prevent access to equipment. |
| jdstrand | snapd contains an embedded copy of golang-go.crypto lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto |
| sbeattie | proftpd-dfsg contains an ssh implementation in mod-sftp (distributed in proftpd-mod-crypto/proftpd-basic) |
| mdeslaur | per Debian, libssh2 older than mantic isn't vulnerable as it doesn't support ChaCha20-Poly1305 and CBC-EtM. |
| ccdm94 | libssh will be marked as not affected for bionic and earlier as per the above note. ChaCha20-Poly1305 and CBC-EtM are present only in libssh 0.8.0 (released 2018-08-10. Bionic is version 0.8.0, but based on commit 94fa1e38, which was released 2017-08-25) and later. Patches provided by upstream do not apply cleanly to versions in bionic and earlier as several functionalities are not present in these versions of the code (making backports a more likely to introduce regressions) further supporting the defined not affected status. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dropbear Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356 |
||
|
filezilla Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Released
(3.46.3-1ubuntu0.1)
|
|
| jammy |
Released
(3.58.0-1ubuntu0.1)
|
|
| lunar |
Ignored
(end of life, was needed)
|
|
| mantic |
Released
(3.65.0-3ubuntu0.1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(3.66.4.)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
golang-go.crypto Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d |
||
|
libssh Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Released
(0.9.3-2ubuntu2.4)
|
|
| jammy |
Released
(0.9.6-2ubuntu0.22.04.2)
|
|
| lunar |
Released
(0.10.4-2ubuntu0.2)
|
|
| mantic |
Released
(0.10.5-3ubuntu1.1)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Released
(0.10.6-1)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6 upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d |
||
|
libssh2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
(1.8.0-2.1ubuntu0.1)
|
|
| jammy |
Not vulnerable
(1.10.0-3)
|
|
| lunar |
Not vulnerable
(1.10.0-3)
|
|
| mantic |
Released
(1.11.0-2ubuntu0.1)
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Released
(1.11.0-4)
|
|
| xenial |
Not vulnerable
|
|
|
Patches: upstream: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a upstream: https://github.com/libssh2/libssh2/pull/1291 |
||
|
lxd Launchpad, Ubuntu, Debian |
bionic |
Released
(3.0.3-0ubuntu1~18.04.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Not vulnerable
(code-not-present)
|
|
| jammy |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.0.11-0ubuntu1~16.04.4+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
openssh Launchpad, Ubuntu, Debian |
bionic |
Released
(1:7.6p1-4ubuntu0.7+esm3)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| focal |
Released
(1:8.2p1-4ubuntu0.10)
|
|
| jammy |
Released
(1:8.9p1-3ubuntu0.5)
|
|
| lunar |
Released
(1:9.0p1-1ubuntu8.6)
|
|
| mantic |
Released
(1:9.3p1-1ubuntu3.1)
|
|
| trusty |
Needs triage
|
|
| upstream |
Released
(1:9.5p1-1)
|
|
| xenial |
Released
(1:7.2p2-4ubuntu2.10+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
Patches: upstream: https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 |
||
|
openssh-ssh1 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(frozen on openssh 7.5p)
|
|
| xenial |
Does not exist
|
|
|
paramiko Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Released
(2.6.0-2ubuntu0.3)
|
|
| jammy |
Released
(2.9.3-0ubuntu1.2)
|
|
| lunar |
Ignored
(end of life)
|
|
| mantic |
Released
(2.12.0-2ubuntu1.23.10.2)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/paramiko/paramiko/commit/be3ffc18cc466e0b0a877d716721353c12561bcc upstream: https://github.com/paramiko/paramiko/commit/4c7f0410c533cdf0df2890512237961f934f5ab9 upstream: https://github.com/paramiko/paramiko/commit/773a174fb1e40e1d18dbe2625e16337ea401119e upstream: https://github.com/paramiko/paramiko/commit/c32be441a5ff0dc4914b22d6d1efa392aebe862f upstream: https://github.com/paramiko/paramiko/commit/f4dedacb9040d27d9844f51c81c28e0247d3e4a3 upstream: https://github.com/paramiko/paramiko/commit/73f079f5a4bbba7f3048dadbe05b24242206745e upstream: https://github.com/paramiko/paramiko/commit/75e311d3c0845a316b6e7b3fae2488d86ad5a270 upstream: https://github.com/paramiko/paramiko/commit/fa46de7feeeb8a01dc471581a0258252ce4f2db6 upstream: https://github.com/paramiko/paramiko/commit/8dcb237f0ee095b1d8b26765c3d41d0ab6963be9 upstream: https://github.com/paramiko/paramiko/commit/58785d29c47570fa700e096d16b9a0d3a6069048 upstream: https://github.com/paramiko/paramiko/commit/96db1e2be856eac66631761bae41167a1ebd2b4e upstream: https://github.com/paramiko/paramiko/commit/33508c920309860c4a775be70f209c2a400e18ec upstream: https://github.com/paramiko/paramiko/commit/30b447b911c39460bbef5e7834e339c43a251316 upstream: https://github.com/paramiko/paramiko/commit/3e4bdf998f5b1508322234a527e8fa432220368b |
||
|
proftpd-dfsg Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
putty Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Released
(0.80-1)
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62 upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=244be5412728a7334a2d457fbac4e0a2597165e5 upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=58fc33a155ad496bdcf380fa6193302240a15ae9 upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367 upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46 |
||
|
python-asyncssh Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(2.14.2)
|
|
| xenial |
Needs triage
|
|
|
Patches: upstream: https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b |
||
|
snapd Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
- https://terrapin-attack.com/
- https://www.openwall.com/lists/oss-security/2023/12/18/3
- https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
- https://ubuntu.com/security/notices/USN-6560-1
- https://ubuntu.com/security/notices/USN-6561-1
- https://ubuntu.com/security/notices/USN-6560-2
- https://ubuntu.com/security/notices/USN-6585-1
- https://ubuntu.com/security/notices/USN-6589-1
- https://ubuntu.com/security/notices/USN-6598-1
- https://www.cve.org/CVERecord?id=CVE-2023-48795
- https://ubuntu.com/security/notices/USN-6738-1
- NVD
- Launchpad
- Debian