[CVE-2023-48795] Terrapin: openssh vulnerable in SFOS 4.5 and below

REPRODUCIBILITY: 100%
OS VERSION: 4.5.0.25 and below, fixed in 4.6 and higher
HARDWARE: any
UI LANGUAGE: any
REGRESSION: no

DESCRIPTION:

It has been confirmed that this issue is fixed in the upcoming Sailfish OS 4.6 release, “Sauna”.

Older Sailfish OS ships with OpenSSH version 8.8p1, which is vulnerable to a certain attack called Terrapin.

See https://terrapin-attack.com/ for details.

(Read it thoroughly, especially the first entry in the FAQ. → Don’t panic.)

PRECONDITIONS:

Stock install of OpenSSH on any Sailfish OS phone.

STEPS TO REPRODUCE:

See the website link above. Using their vulnerability scanner one gets something like this output when running on a SFOS phone:

./Terrapin_Scanner_Linux_aarch64 -connect localhost:22
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.8

ChaCha20-Poly1305 support:   true
CBC-EtM support:             false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

EXPECTED RESULT:

n/a

ACTUAL RESULT:

n/a

MODIFICATIONS:

n/a

ADDITIONAL INFORMATION:

On Sailfish OS GitHub, PR#4 was merged, which upgrades OpenSSH to version 9.6p1, which should not be affected.

Therefore there was reason to believe, and it has since been confirmed, that this issue is already fixed in the upcoming Sailfish OS 4.6 release, “Sauna”.

6 Likes

Users of affected releases can:

  • either compile and install an unaffected version from the mentioned tag on github
  • or apply the following modifications on their system:

# open a Terminal or ssh session (heh!)
# become root
devel-su
# add config lines to ssh server config:
printf '\n# disable ChaCha20-Poly1305 to avoid Terrapin\nCiphers -chacha20-poly1305@openssh.com\n' >> /etc/ssh/sshd_config
systemctl restart sshd
# add config lines to ssh client config:
printf '\n# disable ChaCha20-Poly1305 to avoid Terrapin\nCiphers -chacha20-poly1305@openssh.com\n' >> /etc/ssh/ssh_config

Or, less cryptically, open /etc/ssh/sshd_config and look for this section:

# Disable weak algorithms
KexAlgorithms -diffie-hellman-group14-sha1
MACs -hmac-sha1,hmac-sha1-etm@openssh.com

Add a comment and a line disabling chacha20-poly1305:

# Disable weak algorithms
KexAlgorithms -diffie-hellman-group14-sha1
MACs -hmac-sha1,hmac-sha1-etm@openssh.com
# disable ChaCha20-Poly1305 to avoid Terrapin
Ciphers -chacha20-poly1305@openssh.com

Do the same for /etc/ssh/ssh_config, although it does not have that specific section, so just put it anywhere.


More details and a potential optimization can be found e.g. in this thread:

5 Likes
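The scanner output in the first post and the mitigation above both come down to one question: does the server's KEXINIT still offer chacha20-poly1305@openssh.com (or a CBC cipher together with an EtM MAC) while not advertising strict key exchange? The following Python script is an added example, written for this thread and not code from the forum posters, from Jolla, or from the Terrapin authors. It reads the unencrypted SSH_MSG_KEXINIT a server sends after the banner exchange, splits out the ten algorithm name-lists (RFC 4253 section 7.1), and applies the same three criteria the scanner's note describes. The client banner string "SSH-2.0-TerrapinCheck" is a placeholder, and the three sample KEXINIT payloads are constructed in the script (they mimic the stock 8.8 algorithm set, the same set after the Ciphers change, and a server that advertises kex-strict-s-v00@openssh.com as 9.6 does); they are not captured traffic. As with the scanner, "vulnerable" here only means the exposed algorithm combination is present; a vendor with a different countermeasure would be misreported.

```python
import socket
import struct
import sys

SSH_MSG_KEXINIT = 20
CHACHA20 = "chacha20-poly1305@openssh.com"
STRICT_KEX = {"server": "kex-strict-s-v00@openssh.com",
              "client": "kex-strict-c-v00@openssh.com"}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1)
KEXINIT_FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
                  "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _read_name_list(buf, off):
    """Decode one SSH name-list: uint32 length followed by comma-separated names."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    raw = buf[off:off + n]
    if len(raw) != n:
        raise ValueError("truncated name-list")
    return (raw.decode("ascii").split(",") if n else []), off + n


def parse_kexinit(payload):
    """Return the ten algorithm name-lists of a KEXINIT payload as a dict."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off = 1 + 16  # message id + 16-byte cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        lists[field], off = _read_name_list(payload, off)
    return lists


def assess(lists, peer="server"):
    """Same criteria as the scanner's note: ChaCha20-Poly1305, or a CBC cipher
    together with an EtM MAC, is exposed unless strict key exchange is offered."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    chacha = CHACHA20 in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = STRICT_KEX[peer] in lists["kex"]
    return {"chacha20": chacha, "cbc_etm": cbc_etm, "strict_kex": strict,
            "vulnerable": (chacha or cbc_etm) and not strict}


def scan(host, port=22, timeout=5.0):
    """Do the banner exchange with a server and parse its (still unencrypted) KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rd = sock.makefile("rb")
        while True:  # RFC 4253 allows arbitrary lines before the version banner
            line = rd.readline()
            if not line:
                raise ConnectionError("no SSH banner received")
            if line.startswith(b"SSH-"):
                banner = line.strip().decode("ascii", "replace")
                break
        sock.sendall(b"SSH-2.0-TerrapinCheck\r\n")  # placeholder client banner
        # Binary packet: uint32 packet_length, byte padding_length, payload, padding
        (plen,) = struct.unpack(">I", rd.read(4))
        padlen = rd.read(1)[0]
        payload = rd.read(plen - padlen - 1)
        rd.read(padlen)
    return banner, assess(parse_kexinit(payload))


def build_kexinit(kex, ciphers, macs):
    """Construct a minimal KEXINIT payload for offline checks (a test fixture)."""
    def nl(names):
        s = ",".join(names).encode("ascii")
        return struct.pack(">I", len(s)) + s
    return (bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
            + nl(kex) + nl(["ssh-ed25519"])
            + nl(ciphers) + nl(ciphers) + nl(macs) + nl(macs)
            + nl(["none"]) + nl(["none"]) + nl([]) + nl([])
            + b"\x00" + b"\x00\x00\x00\x00")  # first_kex_packet_follows, reserved


# Constructed algorithm sets resembling the cases discussed in this thread
KEX = ["curve25519-sha256", "curve25519-sha256@libssh.org", "diffie-hellman-group14-sha256"]
STOCK_88_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr",
                    "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
MITIGATED_CIPHERS = STOCK_88_CIPHERS[1:]  # after "Ciphers -chacha20-poly1305@openssh.com"
ETM_MACS = ["umac-64-etm@openssh.com", "hmac-sha2-256-etm@openssh.com",
            "umac-64@openssh.com", "hmac-sha2-256"]

SAMPLE_UNPATCHED = build_kexinit(KEX, STOCK_88_CIPHERS, ETM_MACS)
SAMPLE_MITIGATED = build_kexinit(KEX, MITIGATED_CIPHERS, ETM_MACS)
SAMPLE_STRICT = build_kexinit(KEX + [STRICT_KEX["server"]], STOCK_88_CIPHERS, ETM_MACS)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 terrapin_check.py localhost:22
        host, _, port = sys.argv[1].partition(":")
        print(*scan(host, int(port or 22)))
    else:
        for name, sample in (("stock 8.8", SAMPLE_UNPATCHED), ("mitigated", SAMPLE_MITIGATED),
                             ("strict kex", SAMPLE_STRICT)):
            print(name, assess(parse_kexinit(sample)))
```

Running it with no arguments walks the three constructed samples; running it against localhost:22 before and after the sshd_config change shows chacha20 dropping out of the offered ciphers, which is the practical confirmation that the restart picked up the new Ciphers line. Note that the check only covers the server side; the ssh_config change is verified separately, e.g. by inspecting what the client offers with a verbose connection.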

Careful not to edit ONLY ssh_config but sshd_config … I just, err, cough cough, did that.

1 Like

No actually it’s fine, you should modify both. The comment has been updated now.

1 Like

Just updated mine to note that you should actually edit both. My fault was to edit only the CLIENT config.

Done, rebooted, still works. 👍

Thanks.

1 Like

The upcoming OS release 4.6.0 has openssh v. 9.6p1. This version prevents the vulnerability CVE-2023-48795.

4 Likes

Thanks for confirming, I have updated the text above.