Looks like a fairly new SSH vulnerability has surfaced… Anyone figure out a 
local remediation for this yet? As per usual, IBM is mum. There is no 
fixing PTF yet based on what I see in ResourceLink.


QID: 38913
Severity: HIGH
Definition: SSH Prefix Truncation Vulnerability (Terrapin)

Description

The Terrapin attack exploits weaknesses in the SSH transport layer protocol in 
combination with newer cryptographic algorithms and encryption modes introduced 
by OpenSSH over 10 years ago. Since then, these have been adopted by a wide 
range of SSH implementations, therefore affecting a majority of current 
implementations.





QID Detection Logic (Unauthenticated):



This detection attempts to start the SSH key exchange process and examines 
whether either of the vulnerable ChaCha20-Poly1305 Algorithm or CBC-EtM 
Algorithm is active. It subsequently verifies whether Strict Key Exchange is 
enabled. If a target is identified as vulnerable, it indicates that the target 
supports either of the vulnerable algorithms and lacks support for Strict Key 
Exchange.

Solution

Customers are advised to refer to the individual vendor advisory for their 
operating system and install the patch released by the vendor. For more 
information regarding the vulnerability, please refer to Terrapin Vulnerability



Patch:



Following are links for downloading patches to fix the vulnerabilities:

OpenWall Security Advisory

Impact

Successful exploitation of the vulnerability may allow an attacker to downgrade 
the security of an SSH connection when using SSH extension negotiation. The 
impact in practice heavily depends on the supported extensions. Most commonly, 
this will impact the security of client authentication when using an RSA public 
key.

CVEs

CVE-2023-48795

Results

SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22

ChaCha20-Poly1305 Algorithm Support: True

CBC-EtM Algorithm Support: False

Strict Key Exchange algorithm enabled: False

EVM Report: Yes
EVM Risk Score: 4.9

Host Details

Host: 192.168.30.2
IP Address: 192.168.30.2
Operating System: IBM OS/390
Tier: T3
FQDN:
Port: 22
Protocol: tcp




Dave Jousma
Vice President | Director, Technology Engineering






----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
