Terrapin - a vulnerability in the SSH protocol that allows connection security to be downgraded

A group of researchers from Ruhr University Bochum (Germany) has presented a new MITM attack technique against SSH, Terrapin, which exploits a vulnerability (CVE-2023-48795) in the protocol. An attacker able to mount a MITM attack can, during the connection negotiation process, block the message that configures protocol extensions in order to lower the security level of the connection. A prototype of the attack toolkit has been published on GitHub.

In the context of OpenSSH, the vulnerability makes it possible, for example, to roll the connection back to less secure authentication algorithms and to disable protection against side-channel attacks that reconstruct input by analyzing the delays between keystrokes on the keyboard. In the Python library AsyncSSH, in combination with a vulnerability (CVE-2023-46446) in the implementation of the internal state machine, the Terrapin attack makes it possible to wedge into an SSH session.

The vulnerability affects all SSH implementations that support ChaCha20-Poly1305 or CBC-mode ciphers in combination with ETM (Encrypt-then-MAC) mode. For example, such capabilities have been available in OpenSSH for more than 10 years. The vulnerability is fixed in today's release of OpenSSH 9.6, as well as in updates to PuTTY 0.80, libssh 0.10.6/0.9.8 and AsyncSSH 2.14.2. In Dropbear SSH, the fix has already been added to the code, but a new release has not yet been produced.

The vulnerability is caused by the fact that an attacker who controls the connection's traffic (for example, the owner of a malicious wireless access point) can adjust packet sequence numbers during the connection negotiation process and achieve the silent removal of an arbitrary number of SSH service messages sent by the client or server. Among other things, the attacker can remove the SSH_MSG_EXT_INFO messages used to configure the protocol extensions in use. To keep the other party from detecting the packet loss through a gap in the sequence numbers, the attacker initiates the sending of a dummy packet with the same sequence number as the removed packet in order to shift the sequence number. The dummy packet contains a message with the SSH_MSG_IGNORE flag, which is ignored during processing.


The attack cannot be carried out with stream ciphers and CTR, since the integrity violation will be detected at the application level. In practice, the only modes susceptible to the attack are the ChaCha20-Poly1305 cipher ([email protected]), in which state is tracked only by message sequence numbers, and the combination of Encrypt-Then-MAC mode (*[email protected]) with CBC ciphers.

In OpenSSH 9.6 and other implementations, the "strict KEX" protocol extension is used to block the attack; it is enabled automatically when it is supported on both the server and the client side. The extension terminates the connection when it receives any abnormal or unnecessary messages (for example, with the SSH_MSG_IGNORE or SSH2_MSG_DEBUG flag) during the negotiation process, and it also resets the MAC (Message Authentication Code) counter after each key exchange completes.
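
A defensive check built on the two paragraphs above, added here as an example and not taken from the original article or from OpenSSH: it parses one peer's SSH_MSG_KEXINIT payload and reports whether that peer offers the affected cipher modes without advertising strict KEX. The helper names and the sample payload are constructed for this example, and the strict KEX marker names are taken from OpenSSH's protocol documentation, not from the page.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Assumed from OpenSSH's protocol documentation; these names are not on the page.
STRICT_MARKERS = {"kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}
CHACHA = "chacha20-poly1305@openssh.com"


def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) into name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}  # skip the message-type byte and the 16-byte cookie
    for name in FIELDS:
        (n,) = struct.unpack_from(">I", payload, off)  # struct.error if cut short
        raw = payload[off + 4:off + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        out[name] = raw.decode("ascii").split(",") if raw else []
        off += 4 + n
    return out


def terrapin_exposure(lists: dict) -> dict:
    """Report which affected modes one peer offers and whether it advertises strict KEX."""
    ciphers = set(lists["enc_c2s"]) | set(lists["enc_s2c"])
    macs = set(lists["mac_c2s"]) | set(lists["mac_s2c"])
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = bool(STRICT_MARKERS & set(lists["kex"]))
    affected = CHACHA in ciphers or cbc_etm
    return {"chacha20_poly1305": CHACHA in ciphers, "cbc_etm": cbc_etm,
            "strict_kex": strict, "exposed": affected and not strict}


def build_kexinit(**lists) -> bytes:
    """Build a KEXINIT payload with a zero cookie, for constructed test input only."""
    encoded = (",".join(lists.get(f, [])).encode() for f in FIELDS)
    body = b"".join(struct.pack(">I", len(v)) + v for v in encoded)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


# Constructed sample (not captured traffic): a peer without the strict KEX marker.
SAMPLE = build_kexinit(kex=["curve25519-sha256"],
                       enc_c2s=[CHACHA, "aes128-ctr"], enc_s2c=[CHACHA, "aes128-ctr"],
                       mac_c2s=["hmac-sha2-256"], mac_s2c=["hmac-sha2-256"])
```

An offer is not the negotiated result: strict KEX only takes effect when both sides advertise it, so run the check against both the client's and the server's KEXINIT.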

Source: opennet.ru
