ROSA LABROSA-SA-2024-2382

HistoryMar 26, 2024 - 11:47 a.m.

Advisory ROSA-SA-2024-2382

2024-03-2611:47:18

ROSA LAB

abf.rosalinux.ru

advisory

openssh

rosa-server79

cve-2023-48795

vulnerability

exploitation

integrity checks

security features

unauthorized access

resolved

7.8 High

AI Score

Confidence

Low

0.962 High

EPSS

Percentile

99.5%

JSON

Software: openssh 7.4p1
OS: rosa-server79

package_evr_string: openssh-7.4p1-23.0.3.res7

CVE-ID: CVE-2023-48795
BDU-ID: 2023-08853
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and achieve the deletion of an arbitrary number of SSH service messages. Exploitation of the vulnerability could allow a remote attacker to bypass integrity checks, disable existing security features, and gain unauthorized access to protected information.
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update openssh command

OSVersionArchitecturePackageVersionFilename
rosaanynoarchopenssh< 7.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
rosa	any	noarch	openssh	< 7.4	UNKNOWN

nessus

openSUSE 15 Security Update : proftpd (openSUSE-SU-2023:0421-1)

2023-12-30 00:00:00

Fedora 38 : python-paramiko (2024-39a8c72ea9)

2024-01-10 00:00:00

EulerOS Virtualization 2.10.1 : libssh2 (EulerOS-SA-2024-1548)

2024-04-19 00:00:00

cbl_mariner

CVE-2023-48795 affecting package kubevirt for versions less than null

2024-01-10 08:19:37

CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1

2024-01-14 22:46:30

CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2

2024-01-19 03:54:24

redos

ROS-20240408-15

2024-04-08 00:00:00

ROS-20240409-04

2024-04-09 00:00:00

openvas

Fedora: Security Advisory for golang-x-crypto (FEDORA-2024-7b08207cdb)

2024-01-18 00:00:00

Fedora: Security Advisory for proftpd (FEDORA-2023-b87ec6cf47)

2023-12-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2024:0327-1)

2024-02-06 00:00:00

atlassian

CVE-2023-48795 vulnerability on SSH

2024-01-04 17:19:13

redhat

(RHSA-2024:0625) Moderate: libssh security update

2024-01-31 08:08:23

(RHSA-2024:0499) Moderate: libssh security update

2024-01-25 15:19:29

(RHSA-2024:1196) Moderate: Red Hat JBoss Enterprise Application Platform 7.4 security update

2024-03-06 17:50:02

alpinelinux

CVE-2023-48795

2023-12-18 16:15:10

osv

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

2023-12-18 19:22:09

libssh vulnerability

2023-12-19 13:08:22

php-phpseclib3 - security update

2024-01-12 00:00:00

freebsd

jenkins -- Terrapin SSH vulnerability in Jenkins CLI client

2024-04-17 00:00:00

putty -- add protocol extension against 'Terrapin attack'

2023-10-16 00:00:00

FreeBSD -- Prefix Truncation Attack in the SSH protocol

2023-12-19 00:00:00

fedora

[SECURITY] Fedora 39 Update: putty-0.80-1.fc39

2024-01-11 01:17:14

[SECURITY] Fedora 38 Update: python-paramiko-3.4.0-1.fc38

2024-01-11 02:17:01

[SECURITY] Fedora 38 Update: prometheus-podman-exporter-1.7.0-1.fc38

2024-01-29 07:54:09

ubuntu

LXD vulnerability

2024-04-22 00:00:00

FileZilla vulnerability

2024-01-18 00:00:00

libssh2 vulnerability

2024-01-15 00:00:00

oraclelinux

buildah security update

2024-03-07 00:00:00

openssh security update

2024-03-18 00:00:00

openssh security update

2024-02-13 00:00:00

cloudfoundry

USN-6561-1: libssh vulnerability | Cloud Foundry

2024-04-04 00:00:00

mageia

Updated erlang packages fix a security vulnerability (Terrapin Attack)

2024-01-20 01:43:32

Updated filezilla packages fix a security vulnerability ("Terrapin attack")

2024-02-10 04:03:35

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

2024-01-08 13:12:44

debian

[SECURITY] [DSA 5600-1] php-phpseclib security update

2024-01-12 07:13:37

[SECURITY] [DSA 5599-1] phpseclib security update

2024-01-12 07:13:27

[SECURITY] [DLA 3730-1] python-asyncssh security update

2024-02-01 00:22:40

ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to machine-in-the-middle due to golang.org/x/crypto ( CVE-2023-48795 )

2024-04-11 21:32:41

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795

2024-03-11 14:52:33

Security Bulletin: IBM DataPower Gateway vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

2024-05-14 15:04:31

veracode

Rogue Session Attack (Terrapin)

2023-12-19 06:46:15

Prefix Truncation Attack (Terrapin Attack)

2023-12-19 09:12:16

paloalto

Impact of Terrapin SSH Attack

2024-01-09 01:30:00

cvelist

CVE-2023-48795

2023-12-18 00:00:00

prion

Design/Logic Flaw

2023-12-18 16:15:00

thn

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

2024-01-01 09:37:00

freebsd_advisory

FreeBSD-SA-23:19.openssh

2023-12-19 00:00:00

debiancve

CVE-2023-48795

2023-12-18 16:15:10

amazon

Medium: openssh

2023-12-18 09:20:00

Medium: openssh

2023-12-18 09:20:00

cgr

CVE-2023-48795 vulnerabilities

2024-05-19 03:07:16

K000138264 : SSH vulnerability CVE-2023-48795

2024-01-17 00:00:00

ubuntucve

CVE-2023-48795

2023-12-18 00:00:00

github

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

2023-12-18 19:22:09

Advisory ROSA-SA-2024-2382

Related