Classification: Confidential It does take some time for the fixes to be developed, tested and distributed.
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Jousma, David Sent: Thursday, January 25, 2024 8:04 AM To: [email protected] Subject: New SSH vulnerability [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don't click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Looks like a fairly new SSH vulnerability has surfaced...Anyone figure out a local remediation for this yet? As per usual, IBM is mum. There is no fixing PTF yet based on what I see in ResourceLink. QID 38913 Severity HIGH Definition SSH Prefix Truncation Vulnerability (Terrapin) Description The Terrapin attack exploits weaknesses in the SSH transport layer protocol in combination with newer cryptographic algorithms and encryption modes introduced by OpenSSH over 10 years ago. Since then, these have been adopted by a wide range of SSH implementations, therefore affecting a majority of current implementations. QID Detection Logic (Unauthenticated): This detection attempts to start the SSH key exchange process and examines whether either of the vulnerable ChaCha20-Poly1305 Algorithm or CBC-EtM Algorithm is active. It subsequently verifies whether Strict Key Exchange is enabled. If a target is identified as vulnerable, it indicates that the target supports either of the vulnerable algorithms and lacks support for Strict Key Exchange. Solution Customers are advised to refer to the individual vendor advisory for their operating system and install the patch released by the vendor. For more information regarding the vulnerability, please refer to Terrapin Vulnerability Patch: Following are links for downloading patches to fix the vulnerabilities: OpenWall Security Advisory Impact Successful exploitation of the vulnerability may allow an attacker to downgrade the security of an SSH connection when using SSH extension negotiation. The impact in practice heavily depends on the supported extensions. Most commonly, this will impact the security of client authentication when using an RSA public key. CVEs CVE-2023-48795 Results SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22 ChaCha20-Poly1305 Algorithm Support: True CBC-EtM Algorithm Support: False Strict Key Exchange algorithm enabled: False EVM Report Yes EVM Risk Score 4.9 Host Details Host 192.168.30.2 IP Address 192.168.30.2 Operating System IBM OS/390 Tier T3 FQDN Port 22 Protocol tcp Dave Jousma Vice President | Director, Technology Engineering This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
