752 matches found

Kitploit
added 2024/01/26 11:30 a.m., 33 views

Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

Ligolo-ng is a simple, lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface without the need of SOCKS. Features Tun interface No more SOCKS! Simple UI with agent selection and network information Easy to use and setup...

7.4 AI score
Exploits 0, References 2
OSV
added 2024/01/26 11:6 a.m., 4 views

OESA-2024-1104 libssh security update

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 2
OSV
added 2024/01/19 11:6 a.m., 2 views

OESA-2024-1081 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 2
OSV
added 2024/01/12 11:6 a.m., 5 views

OESA-2024-1066 openssh security update

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 2
OSV
added 2024/01/12 11:6 a.m., 3 views

OESA-2024-1048 proftpd security update

ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...

5.9 CVSS, 6.6 AI score, 0.93305 EPSS
Exploits 4, References 2
Tenable Nessus
added 2024/01/11 12:0 a.m., 210 views

Ubuntu 16.04 ESM / 18.04 ESM : OpenSSH vulnerabilities (USN-6560-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6560-2 advisory. USN-6560-1 fixed several vulnerabilities in OpenSSH. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS...

6.5 CVSS, 7.1 AI score, 0.93305 EPSS
Exploits 11, References 3
Microsoft CVE
added 2023/12/25 8:0 a.m., 2 views

The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP) implemented by these extensions mishandles the handshake phase and mishandles use of sequence numbers. For example there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 libssh2

...

5.9 CVSS, 6.8 AI score, 0.93305 EPSS
Exploits 4
Tenable Nessus
added 2023/12/21 12:0 a.m., 8 views

FreeBSD : gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin (b2765c89-a052-11ee-bed2-596753f1a87c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b2765c89-a052-11ee-bed2-596753f1a87c advisory. - The Gitea team reports: Update golang.org/x/crypto b2765c89-a052-11ee-bed2-596753f1a87c Note that...

5.6 AI score
Exploits 0, References 2
FreeBSD
added 2023/12/19 12:0 a.m., 11 views

gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

The Gitea team reports: Update golang.org/x/crypto...

7.3 AI score
Exploits 0, References 1
OSV
added 2023/12/18 7:22 p.m., 90 views

GHSA-45X7-PX36-X8W8 Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server a...

5.9 CVSS, 6.6 AI score, 0.93305 EPSS
Exploits 4, References 146
Github Security Blog
added 2023/12/18 7:22 p.m., 170 views

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin

Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server a...

5.9 CVSS, 5.7 AI score, 0.93305 EPSS
Exploits 4, References 145, Affected Software 3
OSV
added 2023/12/18 7:21 p.m., 11 views

GHSA-HFMC-7525-MJ55 AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC

Summary AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thu...

5.9 CVSS, 7.4 AI score
Exploits 0, References 4
Github Security Blog
added 2023/12/18 7:21 p.m., 14 views

AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC

Summary AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thu...

7.4 AI score
Exploits 0, References 4, Affected Software 1
OSV
added 2023/12/18 4:15 p.m., 3 views

AZL-32229 CVE-2023-48795 affecting package terraform for versions less than 1.3.2-25

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 1
OSV
added 2023/12/18 4:15 p.m., 2 views

AZL-32224 CVE-2023-48795 affecting package moby-compose for versions less than 2.17.3-5

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS, 6.9 AI score, 0.93305 EPSS
Exploits 4, References 1
OSV
added 2023/12/18 4:15 p.m., 4 views

AZL-34901 CVE-2023-48795 affecting package kubernetes for versions less than 1.30.1-1

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9 CVSS, 6.7 AI score, 0.93305 EPSS
Exploits 4, References 1
OSV
added 2023/12/05 6:12 p.m., 19 views

GHSA-8G85-WHQH-CR2F Traefik vulnerable to potential DDoS via ACME HTTPChallenge

Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers slowloris attac...

5.9 CVSS, 5.8 AI score, 0.00791 EPSS
Exploits 0, References 9
Github Security Blog
added 2023/12/05 6:12 p.m., 31 views

Traefik vulnerable to potential DDoS via ACME HTTPChallenge

Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers slowloris attac...

5.9 CVSS, 6.9 AI score, 0.00791 EPSS
Exploits 0, References 9, Affected Software 2
Veracode
added 2023/12/05 7:48 a.m., 23 views

Denial Of Service (DoS)

github.com/traefik/traefik is vulnerable to Denial of Service DoS. The vulnerability occurs when using the HTTPChallenge method for Lets Encrypt certificate renewals. The vulnerability exploits a 50-second window during the challenge validation process, allowing attackers to bombard the system wi...

5.9 CVSS, 6.8 AI score, 0.00791 EPSS
Exploits 0, References 41, Affected Software 1
NVD
added 2023/12/04 9:15 p.m., 14 views

CVE-2023-47124

Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge 50 seconds can be exploited by attackers to achieve a slowloris attack. This...

5.9 CVSS, 0.00791 EPSS
Exploits 0, References 8