Gulu la ofufuza ochokera ku yunivesite ya Ruhr ku Bochum (Germany) adapereka njira yatsopano yowukira MITM pa SSH - Terrapin, yomwe imagwiritsa ntchito chiwopsezo (CVE-2023-48795) mu protocol. Wowukira yemwe amatha kukonza kuukira kwa MITM ali ndi kuthekera, panthawi yolumikizana, kuletsa kutumiza uthenga pokonza zowonjezera za protocol kuti muchepetse chitetezo cha kulumikizana. Chitsanzo cha zida zowukira chasindikizidwa pa GitHub.
Pankhani ya OpenSSH, kusatetezeka, mwachitsanzo, kumakupatsani mwayi wobweza kulumikizanako kuti mugwiritse ntchito ma aligorivimu otsimikizika ocheperako ndikuyimitsa chitetezo motsutsana ndi njira zam'mbali zomwe zimapanganso zolowetsa posanthula kuchedwa pakati pa makiyi a kiyibodi. Mu laibulale ya Python AsyncSSH, kuphatikiza ndi chiwopsezo (CVE-2023-46446) pakukhazikitsa makina amkati a boma, kuwukira kwa Terrapin kumatilola kuti tilowe mu gawo la SSH.
Kusatetezeka kumakhudza machitidwe onse a SSH omwe amathandizira ChaCha20-Poly1305 kapena CBC mode ciphers kuphatikiza ndi ETM (Encrypt-then-MAC) mode. Mwachitsanzo, luso lofananalo lakhala likupezeka mu OpenSSH kwa zaka zopitilira 10. Chiwopsezochi chakhazikika pakutulutsidwa kwa OpenSSH 9.6 lero, komanso zosintha za PuTTY 0.80, libssh 0.10.6/0.9.8 ndi AsyncSSH 2.14.2. Mu Dropbear SSH, kukonza kwawonjezeredwa kale ku code, koma kumasulidwa kwatsopano sikunapangidwe.
Chiwopsezochi chimayamba chifukwa chakuti wowukira yemwe amayang'anira kuchuluka kwa magalimoto olumikizidwa (mwachitsanzo, mwiniwake wa malo opanda zingwe) amatha kusintha manambala a paketi panthawi yolumikizirana ndikukwaniritsa kufufutidwa mwakachetechete kwa mauthenga a SSH. yotumizidwa ndi kasitomala kapena seva. Mwa zina, wowukira atha kufufuta SSH_MSG_EXT_INFO mauthenga omwe amagwiritsidwa ntchito kukonza ma protocol omwe amagwiritsidwa ntchito. Kuletsa gulu lina kuti lizindikire kutayika kwa paketi chifukwa cha kusiyana kwa manambala otsatizana, wowukirayo amayambitsa kutumiza paketi ya dummy yokhala ndi nambala yotsatizana yofanana ndi paketi yakutali kuti asinthe nambala yotsatizana. Phukusi la dummy lili ndi uthenga wokhala ndi mbendera ya SSH_MSG_IGNORE, yomwe imanyalanyazidwa pakukonzedwa.
Kuwukirako sikungachitike pogwiritsa ntchito ma stream ciphers ndi CTR, popeza kuphwanya umphumphu kudzadziwika pamlingo wogwiritsa ntchito. M'malo mwake, ChaCha20-Poly1305 cipher yokha ndi yomwe ingathe kuwukira ([imelo ndiotetezedwa]), momwe dziko limatsatiridwa ndi manambala otsatizana a mauthenga, komanso kuphatikiza kuchokera ku Encrypt-Then-MAC mode (*[imelo ndiotetezedwa]) ndi CBC ciphers.
Mu OpenSSH 9.6 ndi kukhazikitsa kwina, kukulitsa kwa protocol ya "KEX" yokhazikika kumakhazikitsidwa kuti aletse kuukira, komwe kumangothandizidwa ngati pali chithandizo pa seva ndi mbali za kasitomala. Kuwonjezako kumathetsa kulumikizako kukalandira mauthenga aliwonse achilendo kapena osafunika (mwachitsanzo, ndi SSH_MSG_IGNORE kapena SSH2_MSG_DEBUG mbendera) yolandiridwa panthawi yolumikizana, ndikukhazikitsanso kauntala ya MAC (Message Authentication Code) mukamaliza kusinthana kwa kiyi iliyonse.
Source: opennet.ru