Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2254210 (CVE-2023-48795)
Summary: | CVE-2023-48795 ssh: Prefix truncation attack on Binary Packet Protocol (BPP) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aarif, agarcial, aileenc, amctagga, anstephe, aoconnor, apatel, apevec, apjagtap, aprice, asatyam, asegurap, asoldano, aveerama, avibelli, bbaranow, bbuckingham, bcourt, bdettelb, bgeorges, bmaxwell, bniver, boliveir, brian.stansberry, caswilli, cdewolf, chazlett, chris, clement.escoffier, coldford, cstratak, dandread, darran.lofthouse, davidn, dbelyavs, dfreiber, dhalasz, dhanak, diagrawa, dkenigsb, dkreling, dkuc, dosoudil, drichtar, drow, dsimansk, dymurray, eglynn, ehelms, epacific, fdeutsch, fjansen, fjuma, flucifre, fmongiar, gercan, gmeno, gsmet, gsuckevi, hkataria, ibek, ibolton, ivassile, iweiss, janstey, jburrell, jcammara, jdelaros, jhardy, jjoyce, jmartisk, jmatthew, jmitchel, jmontleo, jneedle, jnethert, jobarker, joelsmith, jrokos, jsamir, jschluet, jshaughn, jsherril, jtanner, jwendell, kaycoth, ket000, kgaikwad, kingland, kshier, kverlaen, kyoshida, lgao, lhh, lsvaty, lthon, luizcosta, lzap, mabashia, matzew, max.andersen, mbenjamin, mburns, mgarciac, mhackett, mhulan, michal.skrivanek, mjg, mnovotny, mosmerov, mperina, mpierce, mrajanna, msochure, mstefank, msvehla, mulliken, mvanderw, nmoumoul, nobody, nwallace, nweather, odf-bz-bot, olubyans, omaciel, omoris, orabin, oramraz, osapryki, owatkins, pasik, pcreech, pdrozd, peholase, pete.perfetti, peter, pgallagh, pgrist, pierdipi, pjindal, plemenko, pmackay, probinso, psegedy, pskopek, python-maint, quang-tru.huynh, ravpatil, rcernich, rchan, rguimara, rhos-maint, rhuss, rjohnson, rowaters, rruss, rstancel, rsvoboda, saroy, sbiarozk, sdawley, security-response-team, shbose, simaishi, skontopo, slucidi, smaestri, smcdonal, smullick, solar, sostapov, sseago, ssorce, stcannon, sthirugn, sthorger, sujagtap, supatil, teagle, tkral, tom.jenkinson, torsava, tqvarnst, tru, tsasak, tsweeney, twalsh, ubhargav, vereddy, vkrizan, vkumar, vmugicag, whayutin, yguenane, zsadeh |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | PuTTY 0.80, AsyncSSH 2.14.1, libssh 0.9.8, libssh 0.10.6, golang.org/x/crypto/ssh 0.17.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2254764, 2254765, 2254766, 2254767, 2254768, 2254770, 2255041, 2255042, 2255046, 2255048, 2255049, 2255055, 2255057, 2255060, 2255061, 2255065, 2255067, 2255068, 2255069, 2255071, 2255075, 2255082, 2255086, 2255087, 2255089, 2255091, 2255092, 2255093, 2255094, 2255096, 2255097, 2255098, 2255099, 2255100, 2255101, 2255102, 2255106, 2255107, 2255862, 2255863, 2255911, 2255912, 2257947, 2254752, 2254753, 2254754, 2254755, 2254756, 2254757, 2254758, 2254759, 2254760, 2254761, 2254762, 2254763, 2255043, 2255044, 2255045, 2255047, 2255050, 2255051, 2255052, 2255053, 2255054, 2255056, 2255058, 2255059, 2255062, 2255063, 2255064, 2255066, 2255070, 2255072, 2255073, 2255074, 2255076, 2255077, 2255078, 2255080, 2255081, 2255083, 2255084, 2255085, 2255090, 2255095, 2255103, 2255104, 2255105, 2255108, 2255109, 2255125, 2255864, 2255865, 2255866, 2255907, 2255908, 2255909, 2255910, 2255913 | ||
Bug Blocks: |
Description
Patrick Del Bello
2023-12-12 16:59:59 UTC
Created age tracking bugs for this issue: Affects: fedora-all [bug 2255071] Created ansible-collection-ansible-netcommon tracking bugs for this issue: Affects: fedora-all [bug 2255055] Affects: openstack-rdo [bug 2255059] Created apptainer tracking bugs for this issue: Affects: epel-all [bug 2255062] Affects: fedora-all [bug 2255072] Created buildah tracking bugs for this issue: Affects: fedora-all [bug 2255073] Created caddy tracking bugs for this issue: Affects: epel-all [bug 2255063] Affects: fedora-all [bug 2255074] Created cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255075] Created cri-o:1.21/cri-o tracking bugs for this issue: Affects: epel-all [bug 2255064] Created cri-o:1.22/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255076] Created cri-o:1.23/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255077] Created cri-o:1.24/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255078] Created cri-o:1.25/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255080] Created cri-o:1.26/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255081] Created cri-o:1.27/cri-o tracking bugs for this issue: Affects: fedora-all [bug 2255082] Created docker-compose tracking bugs for this issue: Affects: fedora-all [bug 2255056] Created doctl tracking bugs for this issue: Affects: fedora-all [bug 2255083] Created dropbear tracking bugs for this issue: Affects: epel-all [bug 2255041] Affects: fedora-all [bug 2255042] Created duplicity tracking bugs for this issue: Affects: fedora-all [bug 2255057] Created gh tracking bugs for this issue: Affects: fedora-all [bug 2255084] Created golang-github-cloudflare-cfssl tracking bugs for this issue: Affects: fedora-all [bug 2255085] Created golang-github-cloudflare-redoctober tracking bugs for this issue: Affects: fedora-all [bug 2255086] Created golang-github-facebookincubator-go2chef tracking bugs for this issue: Affects: fedora-all [bug 2255087] Created golang-github-francoispqt-gojay tracking bugs for this issue: Affects: fedora-all [bug 2255089] Created golang-github-git-5 tracking bugs for this issue: Affects: fedora-all [bug 2255090] Created golang-github-hashicorp-hc-install tracking bugs for this issue: Affects: fedora-all [bug 2255091] Created golang-github-in-toto tracking bugs for this issue: Affects: fedora-all [bug 2255092] Created golang-github-moby-buildkit tracking bugs for this issue: Affects: fedora-all [bug 2255093] Created golang-github-theoapp-theo-agent tracking bugs for this issue: Affects: fedora-all [bug 2255094] Created golang-googlecode-go-crypto tracking bugs for this issue: Affects: epel-all [bug 2255065] Created golang-x-crypto tracking bugs for this issue: Affects: epel-all [bug 2255066] Affects: fedora-all [bug 2255095] Created gomtree tracking bugs for this issue: Affects: fedora-all [bug 2255096] Created gopass tracking bugs for this issue: Affects: fedora-all [bug 2255097] Created gopass-hibp tracking bugs for this issue: Affects: fedora-all [bug 2255098] Created gopass-jsonapi tracking bugs for this issue: Affects: fedora-all [bug 2255099] Created gvisor-tap-vsock tracking bugs for this issue: Affects: fedora-all [bug 2255100] Created libssh tracking bugs for this issue: Affects: epel-all [bug 2255045] Affects: fedora-all [bug 2255047] Created libssh2 tracking bugs for this issue: Affects: epel-all [bug 2255046] Affects: fedora-all [bug 2255048] Created mingw-libssh2 tracking bugs for this issue: Affects: fedora-all [bug 2255049] Created nebula tracking bugs for this issue: Affects: fedora-all [bug 2255101] Created pack tracking bugs for this issue: Affects: epel-all [bug 2255067] Affects: fedora-all [bug 2255102] Created podman tracking bugs for this issue: Affects: fedora-all [bug 2255103] Created podman-tui tracking bugs for this issue: Affects: fedora-all [bug 2255104] Created proftpd tracking bugs for this issue: Affects: epel-all [bug 2255052] Affects: fedora-all [bug 2255053] Created prometheus-podman-exporter tracking bugs for this issue: Affects: fedora-all [bug 2255105] Created putty tracking bugs for this issue: Affects: epel-all [bug 2255050] Affects: fedora-all [bug 2255051] Created python-asyncssh tracking bugs for this issue: Affects: epel-all [bug 2255043] Affects: fedora-all [bug 2255044] Created python-docker tracking bugs for this issue: Affects: epel-all [bug 2255054] Affects: openstack-rdo [bug 2255060] Created python-network-runner tracking bugs for this issue: Affects: fedora-all [bug 2255058] Affects: openstack-rdo [bug 2255061] Created rclone tracking bugs for this issue: Affects: epel-all [bug 2255068] Affects: fedora-all [bug 2255106] Created restic tracking bugs for this issue: Affects: epel-all [bug 2255069] Affects: fedora-all [bug 2255107] Created singularity-ce tracking bugs for this issue: Affects: epel-all [bug 2255070] Affects: fedora-all [bug 2255108] Created vagrant tracking bugs for this issue: Affects: fedora-all [bug 2255109] Created openssh tracking bugs for this issue: Affects: fedora-all [bug 2255125] Mitigation: You can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9: 1. chacha20-poly1305 2. hmac-sha2-512-etm 3. hmac-sha2-256-etm 4. hmac-sha1-etm 5. hmac-md5-etm To do that through crypto-policies, one can apply a subpolicy with the following content: ``` cipher@SSH = -CHACHA20-POLY1305 ssh_etm = 0 ``` e.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server. One can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`. For more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening Note that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update. (In reply to Sandipan Roy from comment #7) > Created vagrant tracking bugs for this issue: > > Affects: fedora-all [bug 2255109] @saroy Would you mind elaborate how Vagrant got on the list? I think that Vagrant uses rubygem-net-ssh for the SSH. So is it vulnerable? Should the ciphers be disabled there? Is the upstream aware? This report unfortunately does not provide too much information. In reply to comment #12: > (In reply to Sandipan Roy from comment #7) > > Created vagrant tracking bugs for this issue: > > > > Affects: fedora-all [bug 2255109] > > @saroy Would you mind elaborate how Vagrant got on the list? I > think that Vagrant uses rubygem-net-ssh for the SSH. So is it vulnerable? > Should the ciphers be disabled there? Is the upstream aware? > > This report unfortunately does not provide too much information. vagrant is listed becuase of this below golang dependency: $ depcli -svv golang.org/x/crypto/ssh -e golang | grep vagrant fedora-39 vagrant-2.3.4-3.fc39 (golang.org/x/crypto/ssh.0-20201002170205-7f63de1d35b0, golang) (In reply to Sandipan Roy from comment #13) > In reply to comment #12: > > (In reply to Sandipan Roy from comment #7) > > > Created vagrant tracking bugs for this issue: > > > > > > Affects: fedora-all [bug 2255109] > > > > @saroy Would you mind elaborate how Vagrant got on the list? I > > think that Vagrant uses rubygem-net-ssh for the SSH. So is it vulnerable? > > Should the ciphers be disabled there? Is the upstream aware? > > > > This report unfortunately does not provide too much information. > > vagrant is listed becuase of this below golang dependency: > > $ depcli -svv golang.org/x/crypto/ssh -e golang | grep vagrant > fedora-39 vagrant-2.3.4-3.fc39 > (golang.org/x/crypto/ssh.0-20201002170205-7f63de1d35b0, golang) Thx for elaborating. Is it possible to provide this level of detail in the future? As you can see, something like this never came to my mind. Looking for a mitigation for RHEL 7, does this appear to be correct? /etc/ssh/ssh_config: ``` Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm MACs hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160,umac-64,umac-128 ``` /etc/ssh/sshd_config: ``` Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc MACs umac-64,umac-128,hmac-sha2-256,hmac-sha2-512,hmac-sha1 ``` ...or basically to remove the chacha cipher and etm macs from both configs. To get a list of the current ciphers and macs: ``` ssh -Q cipher ssh -Q mac sshd -T | grep -e '^ciphers ' -e '^macs ' ``` Created erlang tracking bugs for this issue: Affects: epel-all [bug 2255862] Affects: fedora-all [bug 2255863] Created python-paramiko tracking bugs for this issue: Affects: epel-all [bug 2255907] Affects: fedora-all [bug 2255908] Affects: openstack-rdo [bug 2255912] Hello Peter You did remove chacha cipher and etm macs, but the ciphers you referred continue to use weak ciphers like CBC, which will continue report cbc related vulnerabilities. To mitigate the CVE-2023-48795 and avoid other vulnerabilities to be reported, we can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config. Below strict set of Ciphers and MACs can be used as mitigation for RHEL 7. ``` Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm,aes256-gcm MACs umac-64,umac-128,hmac-sha2-256,hmac-sha2-512 ``` OR Remove the chacha cipher and etm macs from both config options which are currently configured. ``` ssh -Q cipher ssh -Q mac sshd -T | grep -e '^ciphers ' -e '^macs ' ``` Regards Ravindra FEDORA-EPEL-2024-b45b6eada5 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0455 https://access.redhat.com/errata/RHSA-2024:0455 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0429 https://access.redhat.com/errata/RHSA-2024:0429 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:0499 https://access.redhat.com/errata/RHSA-2024:0499 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0538 https://access.redhat.com/errata/RHSA-2024:0538 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0594 https://access.redhat.com/errata/RHSA-2024:0594 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0606 https://access.redhat.com/errata/RHSA-2024:0606 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:0625 https://access.redhat.com/errata/RHSA-2024:0625 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0628 https://access.redhat.com/errata/RHSA-2024:0628 Giving the timing, the problem report here may indicate there's an issue with the RHEL8 fix - https://superuser.com/questions/1828501/how-to-solve-ssh-connection-corrupted-error - or it could be unrelated. Just a heads up. There is a known issue with this version : https://github.com/oracle/oracle-linux/issues/125 and Oracle has pulled back this patch for now from their repos. So running below will restore access. sudo dnf downgrade openssh-server sudo dnf clean all This will update the packages openssh , openssh-clients , openssh-server back to openssh-server-8.0p1-19.el8_8.x86_64 from current openssh-server-8.0p1-19.el8_8.x86_64 There is a known issue with this version : https://github.com/oracle/oracle-linux/issues/125 and Oracle has pulled back this patch for now from their repos. So running below will restore access. sudo dnf downgrade openssh-server sudo dnf clean all This will update the packages openssh , openssh-clients , openssh-server back to openssh-server-8.0p1-19.el8_8.x86_64 from current openssh-server-8.0p1-19.el8_8.x86_64 This issue has been addressed in the following products: Red Hat build of Quarkus 3.2.10 Via RHSA-2024:0722 https://access.redhat.com/errata/RHSA-2024:0722 This issue has been addressed in the following products: RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2) Via RHSA-2024:0789 https://access.redhat.com/errata/RHSA-2024:0789 This issue has been addressed in the following products: RHOSS-1.31-RHEL-8 Via RHSA-2024:0843 https://access.redhat.com/errata/RHSA-2024:0843 This issue has been addressed in the following products: Openshift Serverless 1 on RHEL 8 Via RHSA-2024:0880 https://access.redhat.com/errata/RHSA-2024:0880 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:0954 https://access.redhat.com/errata/RHSA-2024:0954 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2023:7197 https://access.redhat.com/errata/RHSA-2023:7197 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2023:7198 https://access.redhat.com/errata/RHSA-2023:7198 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2023:7201 https://access.redhat.com/errata/RHSA-2023:7201 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:0766 https://access.redhat.com/errata/RHSA-2024:0766 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1130 https://access.redhat.com/errata/RHSA-2024:1130 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1150 https://access.redhat.com/errata/RHSA-2024:1150 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 Via RHSA-2024:1193 https://access.redhat.com/errata/RHSA-2024:1193 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 Via RHSA-2024:1192 https://access.redhat.com/errata/RHSA-2024:1192 This issue has been addressed in the following products: EAP 8.0.1 Via RHSA-2024:1194 https://access.redhat.com/errata/RHSA-2024:1194 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2024:1197 https://access.redhat.com/errata/RHSA-2024:1197 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2024:1196 https://access.redhat.com/errata/RHSA-2024:1196 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1210 https://access.redhat.com/errata/RHSA-2024:1210 Hello, Are there plans to backport the fix to Red Hat OpenShift Container Platform 4.10 and Red Hat OpenShift Container Platform 4.12 ? Cory Oldford This issue has been addressed in the following products: OPENSHIFT-BUILDS-1.0-RHEL-8 Via RHSA-2024:1557 https://access.redhat.com/errata/RHSA-2024:1557 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2024:1676 https://access.redhat.com/errata/RHSA-2024:1676 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2024:1675 https://access.redhat.com/errata/RHSA-2024:1675 This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2024:1674 https://access.redhat.com/errata/RHSA-2024:1674 This issue has been addressed in the following products: EAP 7.4.16 Via RHSA-2024:1677 https://access.redhat.com/errata/RHSA-2024:1677 This issue has been addressed in the following products: OADP-1.3-RHEL-9 Via RHSA-2024:1859 https://access.redhat.com/errata/RHSA-2024:1859 |