SSH Compression Error Checking

2017-11-06T00:00:00
ID SSH_CHECK_COMPRESSION.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2017-11-06T00:00:00

Description

The remote host supports algorithms that can use compression. But when ssh attempts to use compression for that communication, the connections do not succeed.

                                        
                                            #TRUSTED 44eea0a80db23a3a7734edeb653e0c5117fcf3d0b873b021c8f1d3251aab399ddca64d6593cf11a4b75ba41f9384e4c11fd597762abdbd1d6a90c9dc72c1827169a977a447a8b7846a20aae077846200b6246cd0a4f7c3bbaf850ae018481ddada800cd8b5b001963203076ff14e0a52cdd2551f0e6f5ef79f275e2a5623be90694502d2873a666512ed9d77174b7e27debf73e767cb28201697572f08303b8a3d0788328ca97f706bead942f636a11cb5fe36ae0af309c0886b48701660181eef35221eee72704734ff82fe7c09c914fe3779b11544bfb622b366e49889ee3db9ae0802b4876991fa9fcd2fd6f044e8d468a40b655a9f82b7642f2938135f0f508aa5d66efe9becdb6ca2cf1e8489e2901c6a162b50aade37a55de25bf15da00d693dd5b0494d5e5d358073a525e754a54d980734bd8912648e8bb6bbb70676de8d55d50bea7b9c05cfe3d00bfd17107a0484aafd70e0ebffd50ec6295bc042c10a6bcf331655e7820e1edde1c2375e45343d340d0d211ee5f67d375570cc722a158b65bff3689497fb088eea6bf84b01f0869ff6bb53957b551f40bacb2ce9a2eabe935fc2fd8a234eebbf7b0b63454f24b62e7f86b8bd5a0bb5cef1b6fd93f152dd325ae082244554546894f64cee4569a2d7b7b8b28fda7017f6c57d0d34427798497ed306becea6ec8d8aa5f5ea98f60d64af2dba4a7b8d5683b0c7c86c
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(104411);
  script_version("1.4");

  script_name(english:"SSH Compression Error Checking");
  script_summary(english:"Attempts to see if ssh channels can be opened with compression.");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/28");

  script_set_attribute(attribute:"synopsis", value:
"The remote host supports ssh compression, but actually using ssh
compression causes errors.");
  script_set_attribute(attribute:"description", value:
"The remote host supports algorithms that can use compression. But
when ssh attempts to use compression for that communication, the
connections do not succeed.");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor",value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/06");

  script_set_attribute(attribute:"plugin_type",value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("find_service1.nasl", "ssh_settings.nasl", "clrtxt_proto_settings.nasl", "ssh_rate_limiting.nasl");

  exit(0);
}

USE_SSH_WRAPPERS = TRUE;

include("audit.inc");
include("global_settings.inc");

include("datetime.inc");
include("string.inc");
include("byte_func.inc");
include("misc_func.inc");

include("ssh_func.inc");
include("ssh_lib.inc");

#start_time = gettimeofday();

enable_ssh_wrappers();

session = new("sshlib::session");
login_res = sshlib::try_ssh_kb_settings_login(session:session, accept_none_auth:FALSE);

if(!login_res)
{
  session.close_connection();
  exit(0, "The remote host is not responding to or permitting an ssh connection with the supplied credentials.");
}

if(get_kb_item("global_settings/enable_plugin_debugging"))
  SSH_DEBUG = TRUE;

if (session.compression_enabled_c_to_s == FALSE && session.compression_enabled_s_to_c == FALSE)
{
  session.close_connection();
  exit(0, "The remote host is not using an ssh connection with compression enabled.");
}

session.get_channel();
if (session.cur_state.val != "SOC_CLOSED")
{
  session.close_connection();
  exit(0, "The remote host is not experiencing any difficulty with getting a channel while ssh compression is enabled.");
}
session.close_connection();

sshlib::KEX_SUPPORTED_NAME_LISTS["compression_algorithms_server_to_client"] = "none";
sshlib::KEX_SUPPORTED_NAME_LISTS["compression_algorithms_client_to_server"] = "none";

session = new("sshlib::session");
session.open_connection(host:host, port:get_kb_item(sshlib::SSH_LIB_KB_PREFIX + "verified_login_port"));
session.login();
session.get_channel();

if (session.cur_state.val != "SOC_CLOSED")
{
  session.close_connection();
  set_kb_item(name:sshlib::SSH_LIB_KB_PREFIX + "disable_compression", value:1);
  report = 'Remote host determined to support ssh algorithms that support\ncompression, but in practice cannot successfully utilize compression.\nCompression will be disabled for ssh connections to this system.';
  security_report_v4(
    port       : session.port,
    severity   : SECURITY_NOTE,
    extra      : report
  );
  exit(0);
}
else
{
  session.close_connection();
  exit(0, "The remote host is not handling ssh connections any better with compression disabled.");
}