• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

SSH servers vulnerable to new Terrapin attacks: Mitigating, Details & Discovery

administrator

Administrator
Staff member
Messages
11
Reaction score
0
Points
1
Balance
$0.0USD
Hi,

The new Terrapin attack is a type of security exploit that targets SSH (Secure Shell) servers. This attack takes advantage of vulnerabilities in the SSH protocol to gain unauthorized access to a server.

How the new Terrapin attack works?

A flow was found during the discovery that during the SSH integrity checks, by changing certain numbers during the connection setup, an attacker can make it look like some messages weren't sent, without SSH noticing.

Who discovered the new Terrapin attack?​

The New Terrapin attack discovered back in December 2023 by Ruhr University Bochum in Germany. It has been assigned as CVE-2023-48795. You can read more about this on RedHat.


Mitigate new Terrapin attack:​

On CentOS / RHEL-8, and CentOS / RHEL-9
Code:
You can disable the following ciphers and HMACs on RHEL-8 and RHEL-9:
1. [email protected]
2. [email protected]
3. [email protected]
4. [email protected]
5. [email protected]

To do this, run the following command. You can use either nano or vi, whichever you prefer.
nano /etc/crypto-policies/policies/modules/CVE-2023-48795.pmod

Paste this code:
cipher@SSH = -CHACHA20-POLY1305
ssh_etm = 0

Now, we need to apply our policy. Run the following command:
update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795

Save your changes and restart the SSH server.


You can verify that the changes are in effect by checking that the ciphers listed above are missing from both files.
/etc/crypto-policies/back-ends/openssh.config
/etc/crypto-policies/back-ends/opensshserver.config


For CentOS 7 / RHEL-7:
You should use strict MACs and Ciphers on CentOS 7/RHEL-7.

Use the following ciphers:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
MACs [email protected],[email protected],hmac-sha2-256,hmac-sha2-512

Update both of the following files:

/etc/ssh/ssh_config
/etc/ssh/sshd_config


If you are using DirectAdmin or cPanel, immediately fix this vulnerability; otherwise, your servers can be compromised.
 

nick

Newbie
Messages
12
Reaction score
1
Points
3
Balance
$0.5USD
Thank you so much! I have some Linux boxes and disabled the ciphers on them.

Here is an article on Terrapin. It involves three vulnerabilities: CVE-2023-48795, CVE-2023-46445, and CVE-2023-46446.
 
Top