Lucene search

HistoryDec 20, 2023 - 12:00 a.m.

Ubuntu: Security Advisory (USN-6560-1)

2023-12-2000:00:00

plugins.openvas.org

ubuntu

security advisory

usn-6560-1

openssh

prefix truncation attack

ssh-agent

cve-2023-28531

cve-2023-48795

ssh protocol

smartcard keys

extension negotiation

terrapin attack

vulnerability

update

mitigation

communication interception

algorithm downgrade

feature downgrade

destination constraints

protocol extensions

installation.

6.7 Medium

AI Score

Confidence

High

0.962 High

EPSS

Percentile

99.5%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6560.1");
  script_cve_id("CVE-2023-28531", "CVE-2023-48795");
  script_tag(name:"creation_date", value:"2023-12-20 04:08:43 +0000 (Wed, 20 Dec 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-03-23 14:07:41 +0000 (Thu, 23 Mar 2023)");

  script_name("Ubuntu: Security Advisory (USN-6560-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(20\.04\ LTS|22\.04\ LTS|23\.04|23\.10)");

  script_xref(name:"Advisory-ID", value:"USN-6560-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6560-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'openssh' package(s) announced via the USN-6560-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Fabian Baumer, Marcus Brinkmann, Jorg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue. (CVE-2023-48795)

Luci Stanescu discovered that OpenSSH incorrectly added destination
constraints when smartcard keys were added to ssh-agent, contrary to
expectations. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-28531)");

  script_tag(name:"affected", value:"'openssh' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 23.04, Ubuntu 23.10.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU20.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client", ver:"1:8.2p1-4ubuntu0.10", rls:"UBUNTU20.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server", ver:"1:8.2p1-4ubuntu0.10", rls:"UBUNTU20.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU22.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client", ver:"1:8.9p1-3ubuntu0.5", rls:"UBUNTU22.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server", ver:"1:8.9p1-3ubuntu0.5", rls:"UBUNTU22.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU23.04") {

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client", ver:"1:9.0p1-1ubuntu8.6", rls:"UBUNTU23.04"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server", ver:"1:9.0p1-1ubuntu8.6", rls:"UBUNTU23.04"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU23.10") {

  if(!isnull(res = isdpkgvuln(pkg:"openssh-client", ver:"1:9.3p1-1ubuntu3.1", rls:"UBUNTU23.10"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"openssh-server", ver:"1:9.3p1-1ubuntu3.1", rls:"UBUNTU23.10"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

References

ubuntu.com/security/notices/USN-6560-1

USN-6560-1