CVE-2023-48251

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account...

CVE-2023-48251

CVE-2023-48251 describes a remote SSH authentication vulnerability allowing root login via a hidden hard-coded account. Reported impact includes high-severity outcomes (confidentiality, integrity, availability) with CVSS v3.1 scores: up to 9.8 (NVD) and 8.1 (PSIRT/Bosch). Documented target famili...

CVE-2023-48251

The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account...

[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, trans fer files, use a secure and transparent tunnel for your remote...

Fedora 38 : putty (2024-71c2c6526c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-71c2c6526c advisory. Security fix for CVE-2023-48795. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Fedora 38 : python-paramiko (2024-39a8c72ea9)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-39a8c72ea9 advisory. Terrapin fix Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue...

Fedora 39 : putty (2024-d946b9ad25)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d946b9ad25 advisory. Security fix for CVE-2023-48795. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

Impact of Terrapin SSH Attack

The Terrapin attack allows an attacker with the ability to intercept SSH traffic on affected Palo Alto Networks products through machine-in-the-middle or MitM attacks to downgrade connection security and force the usage of less secure client authentication algorithms when an administrator or user...

Mageia: Security Advisory (MGASA-2024-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0003)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 38 : libssh (2023-55800423a8)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-55800423a8 advisory. Fix regression in IPv6 hosntames parsing ---- New upstream release fixing CVE-2023-48795, CVE-2023-6004, CVE-2023-6918 Tenable has extracted the...

Mageia: Security Advisory (MGASA-2024-0004)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated dropbear package fixes a security vulnerability

Parts of the SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thus...

MGASA-2024-0004 Updated dropbear package fixes a security vulnerability

Parts of the SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thus...

Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

Updated putty package fixes a security vulnerability (Terrapin attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and many other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

MGASA-2024-0003 Updated putty package fixes a security vulnerability (Terrapin attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and many other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a...

MGASA-2024-0002 Updated libssh2 packages fix a security vulnerability (Terrapin Attack)

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...

Medium: libssh

Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...