18 matches found
Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh
SSH Terrapin Attack Vulnerability Scanner CVE-2023-48795 A...
Finding SSH Strict Key Exchange Violations by State Learning
SSH is an important protocol for secure remote shell access to servers on the Internet. At USENIX 2024, B�umer et al. presented the Terrapin attack on SSH, which relies on the attacker injecting optional messages during the key exchange. To mitigate this attack, SSH vendors adopted an extension...
UBUNTU-CVE-2025-46712
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged. This...
CLSA-2024-1718796706 openssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" in ssh and sshd...
CLSA-2024-1718791502 openssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" in ssh and sshd...
CLSA-2024-1718290223 libssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" mitigations, tests/pkd/pkddaemon.c: relax pthreadkill assert in pkdstop...
CLSA-2024-1718288901 libssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" mitigations, tests/pkd/pkddaemon.c: relax pthreadkill assert in pkdstop...
openssh security update
7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...
openssh security update
7.4p1-23.0.3fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...
CLSA-2024-1708638566 openssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" in ssh and sshd...
CLSA-2024-1707919380 openssh: Fix of CVE-2023-48795
CVE-2023-48795: implement "strict key exchange" in ssh and sshd - Moved ELS patches to the top to avoid patch conflicts...
openssh security update
7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...
openssh security update
7.4p1-23.0.3 - add KEXINITIAL flag Orabug: 36160445 - implement 'strict key exchange' CVE-2023-48795Orabug: 36160445...
CLSA-2024-1707420378 Fix CVE(s): CVE-2023-48795
SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795...
CLSA-2024-1707420183 Fix CVE(s): CVE-2023-48795
SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795...
OPENSUSE-SU-2024:0036-1 Security update for tinyssh
This update for tinyssh fixes the following issues: tinyssh was updated to 20240101 boo1218197, CVE-2023-48795: fixed channelforkpty race condition between closeslave in parent process and loginttyslave in child process fixed behavior when using terminal mode and stdin redirected to /dev/null 'ss...
MGASA-2024-0004 Updated dropbear package fixes a security vulnerability
Parts of the SSH specification are vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thus...
GHSA-HFMC-7525-MJ55 AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Summary AsyncSSH v2.14.1 and earlier is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack, which allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation RFC8308 in the process and thu...