Otu ndị nyocha sitere na Mahadum Ruhr dị na Bochum (Germany) gosipụtara usoro mbuso agha MITM ọhụrụ na SSH - Terrapin, nke na-erigbu adịghị ike (CVE-2023-48795) na protocol. Onye na-awakpo nwere ike ịhazi ọgụ MITM nwere ikike, n'oge usoro mkparịta ụka njikọ, igbochi izipu ozi site na ịhazi protocol extensions iji belata ọkwa nchebe njikọ. Ebipụtala ụdị ngwa ngwa ọgụ na GitHub.
N'ihe gbasara OpenSSH, adịghị ike, dịka ọmụmaatụ, na-enye gị ohere ịlaghachi njikọ ahụ iji jiri algọridim nyocha dị obere ma gbanyụọ nchebe megide mwakpo ọwa n'akụkụ na-emeghachi ntinye site na nyochaa nkwụsịtụ n'etiti igodo igodo na ahụigodo. N'ọbá akwụkwọ Python AsyncSSH, yana njikọta na adịghị ike (CVE-2023-46446) na mmejuputa igwe steeti dị n'ime, ọgụ Terrapin na-enye anyị ohere itinye onwe anyị na nnọkọ SSH.
Ọdịmma ahụ na-emetụta mmejuputa SSH niile na-akwado ChaCha20-Poly1305 ma ọ bụ CBC mode ciphers yana ngwakọta ETM (Encrypt-then-MAC). Dịka ọmụmaatụ, ikike ndị yiri ya dị na OpenSSH ihe karịrị afọ 10. Edobere adịghị ike ahụ na mwepụta OpenSSH 9.6 taa, yana mmelite na PuTTY 0.80, libssh 0.10.6/0.9.8 na AsyncSSH 2.14.2. Na Dropbear SSH, agbakwunyelarị ihe ndozi ahụ na koodu ahụ, mana ewepụtabeghị ntọhapụ ọhụrụ.
A na-akpata adịghị ike ahụ site na eziokwu ahụ bụ na onye na-awakpo na-achịkwa okporo ụzọ njikọ (dịka ọmụmaatụ, onye nwe ebe ikuku ọjọọ) nwere ike ịhazigharị nọmba usoro ngwugwu n'oge usoro mkparịta ụka njikọ wee nweta nkwụsị nkịtị nke nọmba aka ike nke ozi ọrụ SSH. onye ahịa ma ọ bụ ihe nkesa zitere. Tinyere ihe ndị ọzọ, onye na-awakpo nwere ike ihichapụ ozi SSH_MSG_EXT_INFO eji ahazi protocol extensions eji. Iji gbochie ndị ọzọ ịchọpụta mfu ngwugwu n'ihi oghere dị na ọnụọgụ usoro, onye mwakpo ahụ malitere izipu ngwugwu dummy nwere otu nọmba usoro dị ka ngwugwu dịpụrụ adịpụ iji gbanwee nọmba usoro. Ngwungwu ahụ nwere ozi nwere ọkọlọtọ SSH_MSG_IGNORE, nke a na-eleghara anya mgbe a na-ahazi ya.
Enweghị ike ime mwakpo a site na iji ciphers iyi na CTR, ebe ọ bụ na a ga-achọpụta mmebi iwu n'ogo ngwa. Na omume, naanị ChaCha20-Poly1305 cipher nwere ike ibuso ọgụ ([email protected]), nke a na-enyocha steeti ahụ naanị site na nọmba usoro ozi, yana ngwakọta sitere na ọnọdụ Encrypt-Mgbe ahụ-MAC (*[email protected]) na CBC ciphers.
Na OpenSSH 9.6 na mmejuputa ndị ọzọ, a na-emejuputa mgbakwunye nke "KEX siri ike" protocol iji gbochie mwakpo ahụ, nke a na-enye aka na-akpaghị aka ma ọ bụrụ na enwere nkwado na ihe nkesa na akụkụ ndị ahịa. Mgbakwunye ahụ na-akwụsị njikọ ahụ mgbe nnata ozi ọ bụla na-adịghị mma ma ọ bụ nke na-adịghị mkpa (dịka ọmụmaatụ, ya na ọkọlọtọ SSH_MSG_IGNORE ma ọ bụ SSH2_MSG_DEBUG) enwetara n'oge usoro mkparịta ụka njikọ, ma malitegharịa MAC ( Usoro nkwenye ozi) mgbe emechara mgbanwe igodo ọ bụla.
isi: opennet.ru