The release of OpenSSH 9.6 has been published, an open implementation of a client and server for working using the SSH 2.0 and SFTP protocols. The new version fixes three security issues:
- A vulnerability in the SSH protocol (CVE-2023-48795, “Terrapin” attack), which allows a MITM attack to roll back the connection to use less secure authentication algorithms and disable protection against side-channel attacks that recreate input by analyzing the delays between keystrokes on the keyboard . The attack method is described in a separate news article.
- A vulnerability in the ssh utility that allows substitution of arbitrary shell commands through manipulation of login and host values containing special characters. The vulnerability can be exploited if an attacker controls the login and hostname values passed to ssh, ProxyCommand and LocalCommand directives, or "match exec" blocks that contain wildcard characters such as %u and %h. For example, incorrect login and host can be substituted in systems that use submodules in Git, since Git does not prohibit specifying special characters in the host and user names. A similar vulnerability also appears in libssh.
- There was a bug in ssh-agent where, when adding PKCS#11 private keys, restrictions were applied only to the first key returned by the PKCS#11 token. The issue does not affect regular private keys, FIDO tokens, or unrestricted keys.
Other changes:
- Added "%j" substitution to ssh, expanding into the hostname specified via the ProxyJump directive.
- ssh has added support for setting ChannelTimeout on the client side, which can be used to terminate inactive channels.
- Added support for reading ED25519 private keys in PEM PKCS8 format to ssh, sshd, ssh-add and ssh-keygen (previously only OpenSSH format was supported).
- A protocol extension has been added to ssh and sshd to renegotiate digital signature algorithms for public key authentication after the username has been received. For example, using the extension, you can selectively use other algorithms in relation to users by specifying PubkeyAcceptedAlgorithms in the “Match user” block.
- Added a protocol extension to ssh-add and ssh-agent to set certificates when loading PKCS#11 keys, allowing certificates associated with PKCS#11 private keys to be used in all OpenSSH utilities that support ssh-agent, not just ssh.
- Improved detection of unsupported or unstable compiler flags such as "-fzero-call-used-regs" in clang.
- To limit the privileges of the sshd process, versions of OpenSolaris that support the getpflags() interface use the PRIV_XPOLICY mode instead of PRIV_LIMIT.
Source: opennet.ru