IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Terrapin



And at least one claim that some implementations knew about this about a month before public disclosure, so they were working on 'strict kex' for a while.

This protocol vulnerability was pre-disclosed to us by Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk, on 17 November 2023. For full details of their report, see their dedicated website about the Terrapin attack.



Brian Pence
Celestial Software
901-283-1970
http://www.celestialsoftware.net


On Wed, Dec 27, 2023 at 9:06 AM Brian Pence <bpence%celestialsoftware.net@localhost> wrote:
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6,

Then each of the 'fixed' packages will have some kind of documentation describing their use of 'strict kex'
For example putty 0.80:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-terrapin.html

To mitigate the vulnerability, the OpenSSH project has defined a SSH extension called 'strict KEX' (documented in their PROTOCOL document), which PuTTY 0.80 implements.




Brian Pence
Celestial Software
901-283-1970


On Mon, Dec 25, 2023 at 1:58 AM Peter Gutmann <pgut001%cs.auckland.ac.nz@localhost> wrote:
Brian Pence <bpence%celestialsoftware.net@localhost> writes:

>Related publication at NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-48795
>
>Implementation versions that are identified as NOT VULNERABLE have all
>recently implemented "strict key exchange"

Where are you seeing that?  I can't find that text anywhere on the page.

Peter.



Home | Main Index | Thread Index | Old Index