Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-48795

Published: 18 December 2023

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Notes

AuthorNote
mdeslaur
Per upstream openssh developers:
While cryptographically novel, the security impact of this attack
is fortunately very limited as it only allows deletion of
consecutive messages, and deleting most messages at this stage of
the protocol prevents user user authentication from proceeding and
results in a stuck connection.
The most serious identified impact is that it lets a MITM to
delete the SSH2_MSG_EXT_INFO message sent before authentication
starts, allowing the attacker to disable a subset of the keystroke
timing obfuscation features introduced in OpenSSH 9.5. There is no
other discernable impact to session secrecy or session integrity.
sbeattie
putty fixes include some refactoring commits that are used
by the added strict kex mode support
seth-arnold
openssh-ssh1 is provided for compatibility with old devices
that cannot be upgraded to modern protocols. Thus we may not
provide security support for this package if doing so would
prevent access to equipment.
jdstrand
snapd contains an embedded copy of golang-go.crypto
lxd in 18.04 LTS and earlier contains an embedded copy of
golang-go.crypto
sbeattie
proftpd-dfsg contains an ssh implementation in mod-sftp
(distributed in proftpd-mod-crypto/proftpd-basic)
mdeslaur
per Debian, libssh2 older than mantic isn't vulnerable as it
doesn't support ChaCha20-Poly1305 and CBC-EtM.
ccdm94
libssh will be marked as not affected for bionic and earlier as per
the above note. ChaCha20-Poly1305 and CBC-EtM are present only in
libssh 0.8.0 (released 2018-08-10. Bionic is version 0.8.0, but
based on commit 94fa1e38, which was released 2017-08-25) and later.
Patches provided by upstream do not apply cleanly to versions in
bionic and earlier as several functionalities are not present in
these versions of the code (making backports a more likely to
introduce regressions) further supporting the defined not affected
status.

Priority

Medium

Cvss 3 Severity Score

5.9

Score breakdown

Status

Package Release Status
dropbear
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356































filezilla
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (3.46.3-1ubuntu0.1)
jammy
Released (3.58.0-1ubuntu0.1)
lunar Ignored
(end of life, was needed)
mantic
Released (3.65.0-3ubuntu0.1)
trusty Does not exist

upstream
Released (3.66.4.)
xenial Not vulnerable
(code not present)
golang-go.crypto
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

Patches:

upstream: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d






























libssh
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (0.9.3-2ubuntu2.4)
jammy
Released (0.9.6-2ubuntu0.22.04.2)
lunar
Released (0.10.4-2ubuntu0.2)
mantic
Released (0.10.5-3ubuntu1.1)
trusty Ignored
(end of standard support)
upstream
Released (0.10.6-1)
xenial Not vulnerable
(code not present)
Patches:


upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c
upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd
upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6
upstream: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d


























libssh2
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable
(1.8.0-2.1ubuntu0.1)
jammy Not vulnerable
(1.10.0-3)
lunar Not vulnerable
(1.10.0-3)
mantic
Released (1.11.0-2ubuntu0.1)
trusty Not vulnerable

upstream
Released (1.11.0-4)
xenial Not vulnerable

Patches:






upstream: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
upstream: https://github.com/libssh2/libssh2/pull/1291
























lxd
Launchpad, Ubuntu, Debian
bionic Needed

focal Not vulnerable
(code-not-present)
jammy Does not exist

lunar Does not exist

mantic Does not exist

trusty Does not exist

upstream Needs triage

xenial Needed

openssh
Launchpad, Ubuntu, Debian
bionic
Released (1:7.6p1-4ubuntu0.7+esm3)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
focal
Released (1:8.2p1-4ubuntu0.10)
jammy
Released (1:8.9p1-3ubuntu0.5)
lunar
Released (1:9.0p1-1ubuntu8.6)
mantic
Released (1:9.3p1-1ubuntu3.1)
trusty Needs triage

upstream
Released (1:9.5p1-1)
xenial
Released (1:7.2p2-4ubuntu2.10+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:








upstream: https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5























openssh-ssh1
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Does not exist

upstream Ignored
(frozen on openssh 7.5p)
xenial Does not exist

paramiko
Launchpad, Ubuntu, Debian
bionic Needs triage

focal
Released (2.6.0-2ubuntu0.3)
jammy
Released (2.9.3-0ubuntu1.2)
lunar Ignored
(end of life)
mantic
Released (2.12.0-2ubuntu1.23.10.2)
trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:









upstream: https://github.com/paramiko/paramiko/commit/be3ffc18cc466e0b0a877d716721353c12561bcc
upstream: https://github.com/paramiko/paramiko/commit/4c7f0410c533cdf0df2890512237961f934f5ab9
upstream: https://github.com/paramiko/paramiko/commit/773a174fb1e40e1d18dbe2625e16337ea401119e
upstream: https://github.com/paramiko/paramiko/commit/c32be441a5ff0dc4914b22d6d1efa392aebe862f
upstream: https://github.com/paramiko/paramiko/commit/f4dedacb9040d27d9844f51c81c28e0247d3e4a3
upstream: https://github.com/paramiko/paramiko/commit/73f079f5a4bbba7f3048dadbe05b24242206745e
upstream: https://github.com/paramiko/paramiko/commit/75e311d3c0845a316b6e7b3fae2488d86ad5a270
upstream: https://github.com/paramiko/paramiko/commit/fa46de7feeeb8a01dc471581a0258252ce4f2db6
upstream: https://github.com/paramiko/paramiko/commit/8dcb237f0ee095b1d8b26765c3d41d0ab6963be9
upstream: https://github.com/paramiko/paramiko/commit/58785d29c47570fa700e096d16b9a0d3a6069048
upstream: https://github.com/paramiko/paramiko/commit/96db1e2be856eac66631761bae41167a1ebd2b4e
upstream: https://github.com/paramiko/paramiko/commit/33508c920309860c4a775be70f209c2a400e18ec
upstream: https://github.com/paramiko/paramiko/commit/30b447b911c39460bbef5e7834e339c43a251316
upstream: https://github.com/paramiko/paramiko/commit/3e4bdf998f5b1508322234a527e8fa432220368b









proftpd-dfsg
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

putty
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Ignored
(end of standard support)
upstream
Released (0.80-1)
xenial Needs triage

Patches:























upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=244be5412728a7334a2d457fbac4e0a2597165e5
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=58fc33a155ad496bdcf380fa6193302240a15ae9
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb
upstream: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46

python-asyncssh
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Does not exist

upstream
Released (2.14.2)
xenial Needs triage

Patches:































upstream: https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b
snapd
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

trusty Ignored
(end of standard support)
upstream Needs triage

xenial Needs triage

Severity score breakdown

Parameter Value
Base score 5.9
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N