315 matches found
Erlang/OTP (Erlang OTP) Prefix Truncation Attacks in SSH Specification (Terrapin Attack) - Windows
Erlang/OTP Erlang OTP is vulnerable to a novel prefix truncation attack a.k.a. Terrapin attack in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SSH Prefix Truncation Vulnerability (Terrapin attack) on Citrix Applayering
SSH Prefix Truncation Vulnerability Terrapin attack on Citrix App Layering . Note: The Terrapin attack can reduce the security of SSH by using a downgrade attack via man-in-the-middle interception. The attack works by prefix truncation; the injection and deletion of messages during feature...
Security Bulletin: Security Vulnerability in Apache MINA SSHD Affects IBM Sterling B2B Integrator (CVE-2024-41909)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability from Apache MINA SSHD Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION: Apache MINA SSHD could allow a remote attacker to bypass security restrictions. An attacker who can intercept traffic between the client and...
Linux Distros Unpatched Vulnerability : CVE-2023-48795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks...
Security Bulletin: Vulnerability in paramiko affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-48795]
Summary The paramiko package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH befo...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)
Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
Security Bulletin: Vulnerability in OpenSSH affects watsonx.data
Summary The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks . This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain...
[SECURITY] [DLA 3975-1] proftpd-dfsg security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3975-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 29, 2024 https://wiki.debian.org/LTS -...
Fortinet FortiWeb OpenSSH Terrapin attack (CVE-2023-48795) (FG-IR-23-490)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-490 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
Slackware: Security Advisory (SSA:2024-290-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-7051-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7051-1: AsyncSSH vulnerability
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...
USN-7051-1 python-asyncssh vulnerability
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...
[SECURITY] [DSA 5750-1] python-asyncssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 18, 2024 https://www.debian.org/security/faq -...
Debian dsa-5750 : python-asyncssh-doc - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5750 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5750-1 [email protected] https://www.debian.org/security/ Moritz...
CVE-2024-41909
A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security...
Improper Validation Of Integrity Check Value
org.apache.sshd, sshd-common is vulnerable for Improper Validation Of Integrity Check Value. The vulnerability is due to the possibility of packet interception, where an attacker can intercept traffic between the client and server and drop certain packets from the stream, potentially downgrading ...
Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...
GHSA-2326-HX7G-3M9R Apache MINA SSHD: integrity check bypass
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...
CVE-2024-41909
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. An attacker that can intercept traffic between client and server could drop certain packets from the stream, potentially causing client and server to consequently end up with...