Terrapin Attack vs. SSH-MITM: Comparing Packet Handling #165
Thanks for the question. I've read the paper and their attack is different from SSH-MITM's. There are some similarities in handling MSG_KEXINIT packets because SSH-MITM needs to drop them, but the use cases are different.

Major differences:

Target server and fingerprint:

Interception and modification of Shell, SFTP and other features

Ignoring specific packets during kex init protocol part

SSH-MITM modifies the kex init part, because there are some clients which have some incompatibilities with Paramiko during interception. Paramiko is a client and server library and is not designed to intercept ssh connections and handle the intercepted packets. SSH-MITM tries to mimic the destination server as much as possible, which breaks some functionality in Paramiko. In such cases not only the mentioned packet is ignored. The possible KEX algorithms also need to be modified to avoid disconnects from some ssh client libraries.

As you can see, there are some similarities with the Terrapin Attack, but the attack vector is different. The Terrapin Attack is a new vulnerability and attack vector, as one of the major differences is the weaknesses in the underlying cryptography from the mentioned algorithms in their paper.
I have reopened this issue, because the Terrapin Attack might be relevant for conducting mitm attacks. With vulnerabilities like CVE-2020-14145 it's possible to detect clients which already have the destination's fingerprint stored. Such clients will raise a mitm warning when intercepted by SSH-MITM. In the past, the only option was to silently drop the connection before the client raises the warning. To avoid further warnings, the client's connection could be proxied to the destination server without intercepting ssh. Terrapin Attack allows mitm attacks to intercept and manipulate those connections, if the client does not use "kex-strict". Perhaps it's interesting to support Terrapin Attack to modify such connections for further audits of ssh connections.

Important! If you are a system administrator you should check if your distribution has released a patched version.
I have created a pull request for paramiko's type hints (python/typeshed#11218). The next release will include compatibility with paramiko >=3.4 and support the Terrapin Attack fixes.
This PR contains the following updates:

| Package | Change |
|---|---|
| golang.org/x/crypto | `v0.14.0` -> `v0.17.0` |

### GitHub Vulnerability Alerts

#### [CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8)

### Summary

Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

### Mitigations

To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes.

**Warning: To take effect, both the client and server must support this countermeasure.**

As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available.

### Details

The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario.

The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange.

In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers.

For more details see [https://terrapin-attack.com](https://terrapin-attack.com).

### Impact

This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario.

---

### Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto

[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)

#### Details

A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features. This protocol weakness was also fixed in OpenSSH 9.6.

#### Severity

Unknown

---

### Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

[CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402)

#### Severity

- CVSS Score: 5.9 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N`
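The advisory above says strict kex only takes effect when both peers support it, and that exposure depends on which cipher and MAC get negotiated. The following is an added example, not code from this thread, SSH-MITM or the advisory: it parses the two plaintext SSH_MSG_KEXINIT payloads of a connection and reports whether the pairing is exposed. The function names are hypothetical, the sample offers are constructed, and the strict-kex marker strings are the ones defined by OpenSSH's strict KEX extension.

```python
import struct

SSH_MSG_KEXINIT = 20
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"  # OpenSSH strict-kex marker, client side
STRICT_SERVER = "kex-strict-s-v00@openssh.com"  # OpenSSH strict-kex marker, server side
CHACHA = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def build_kexinit(lists):
    """Encode a KEXINIT payload; used only to construct the sample inputs."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + 16-byte cookie
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Decode the name-lists of an unencrypted SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list %s overruns the payload" % field)
        raw = payload[offset:offset + length].decode("ascii")
        offset += length
        lists[field] = raw.split(",") if raw else []
    return lists


def negotiate(client_list, server_list):
    """RFC 4253: first entry of the client's list that the server also offers."""
    return next((name for name in client_list if name in server_list), None)


def classify(enc, mac):
    """Map a negotiated cipher/MAC pair to the advisory's exposure classes."""
    if enc == CHACHA:
        return "practical"
    if enc is None or enc.endswith("-gcm@openssh.com"):
        return "none"  # no common cipher, or AES-GCM (negotiated MAC is unused)
    if mac is not None and mac.endswith(ETM_SUFFIX):
        # Encrypt-then-MAC: practical with CBC, theoretical with CTR/stream ciphers.
        return "practical" if enc.endswith("-cbc") else "theoretical"
    return "none"


def assess(client_payload, server_payload):
    """Evaluate the initial KEXINIT pair of one connection."""
    client, server = parse_kexinit(client_payload), parse_kexinit(server_payload)
    # Strict kex only takes effect when BOTH peers advertise their marker.
    strict = STRICT_CLIENT in client["kex"] and STRICT_SERVER in server["kex"]
    directions = {}
    for d in ("c2s", "s2c"):
        enc = negotiate(client["enc_" + d], server["enc_" + d])
        mac = negotiate(client["mac_" + d], server["mac_" + d])
        directions[d] = (enc, mac, classify(enc, mac))
    exposed = not strict and any(r[2] == "practical" for r in directions.values())
    return {"strict_kex": strict, "directions": directions, "exposed": exposed}


def offer(kex, enc, mac):
    """Constructed sample offer (not captured traffic), same lists both directions."""
    return build_kexinit({"kex": kex, "host_key": ["ssh-ed25519"],
                          "enc_c2s": enc, "enc_s2c": enc, "mac_c2s": mac,
                          "mac_s2c": mac, "comp_c2s": ["none"], "comp_s2c": ["none"]})


MACS = ["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"]
CLIENT = offer(["curve25519-sha256", STRICT_CLIENT],
               [CHACHA, "aes256-gcm@openssh.com", "aes128-ctr"], MACS)
SERVER_OLD = offer(["curve25519-sha256"], [CHACHA, "aes128-ctr"], MACS)
SERVER_NEW = offer(["curve25519-sha256", STRICT_SERVER], [CHACHA, "aes128-ctr"], MACS)
SERVER_STOPGAP = offer(["curve25519-sha256"], ["aes256-gcm@openssh.com"], ["hmac-sha2-256"])

if __name__ == "__main__":
    for label, srv in (("unpatched", SERVER_OLD), ("patched", SERVER_NEW),
                       ("stop-gap", SERVER_STOPGAP)):
        print(label, assess(CLIENT, srv))
```

Only the first KEXINIT of a connection counts for the strict-kex markers, so feed this the initial exchange rather than a later rekey.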
I am reaching out to explore a potential similarity I noticed in packet handling between SSH-MITM and the Terrapin Attack, as highlighted in the discussion of Pull Request #163 on the SSH-MITM repository.
It appears that both methods involve discarding certain packets during the SSH key exchange process.
In SSH-MITM, packets are discarded during kex-init:
ssh-mitm/sshmitm/workarounds/transport.py
Lines 178 to 188 in 4fc3ef4
According to the Terrapin Attack website, packet discarding is a crucial aspect of their methodology.
The packet handling techniques used in SSH-MITM, as seen in the GitHub blame for sshmitm/workarounds/transport.py, were implemented 1-2 years ago. This timeline suggests a noteworthy context: both SSH-MITM and the Terrapin Attack utilize similar methods for manipulating SSH packets. This parallel raises intriguing questions about the Terrapin Attack's exploitability and security implications. The pre-existing nature of these techniques in SSH-MITM might warrant a reevaluation of the Terrapin Attack's impact on SSH security.
I would like to respectfully request the SSH-MITM developers to conduct an evaluation of the Terrapin Attack. This evaluation would greatly benefit the cybersecurity community by clarifying the differences and similarities between SSH-MITM's techniques and those used in the Terrapin Attack. Understanding these nuances is crucial for assessing the relevance and impact of such attacks on both current and future Man-in-the-Middle (MitM) vulnerabilities.