chacha20-poly1305 – CVE-2023-48795

Posted on August 31, 2024 by Tom Hamilton
Reading Time: 2 minutes

Last Updated: 8/31/2024

IMPORTANT NOTE: Please read this carefully. Test. Come to your own conclusions. This is about as close to saying I am not a lawyer… I am not a financial advisor. Yes, this is a disclaimer. Think of this as possibly a interesting piece of fiction, and work out the details for yourself.

Chances are unless you have done a fair bit of updating you probably are not at the latest version of OpenSSH. In fact one of the only reasons for this post is because the lead on distro package release updating a piece of software is often very very great. (Try comparing versions of bash) If you read through the OpenSSH CVE you will note some strange stories. See:

The vulnerability resurfaces in versions from 8.5p1 up to, but not including, 9.8p1 due to the accidental removal of a critical component in a function.

The take away is that lag can sometimes work for and sometimes against you.

Checking:

Checking your version of ssh.

nodex# ssh -V
OpenSSH_9.8p1, OpenSSL 3.0.2 15 Mar 2022


I am burring a lead here, so please read this (this story) in it’s entirety. So remember when you use ssh -Q ciphers it lists what is compiled into the binary – not what is being offered.

nodex# ssh -Q ciphers
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com


The following bit of code here is, to my understanding, what is used to disable this as an offering.

echo 'Ciphers -chacha20-poly1305@openssh.com' > /etc/ssh/sshd_config.d/anti-terrapin-attack.conf
echo 'Ciphers -chacha20-poly1305@openssh.com' > /etc/ssh/ssh_config.d/anti-terrapin-attack.conf
systemctl restart sshd


Quick note: We would really want to use our good friend nmap to test what is actively being offered.

nmap --script ssh2-enum-algos -sV -p 22 localhost


We DO NOT want to see chacha20-poly1305@openssh.com as an offering.

|   encryption_algorithms: (6)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       chacha20-poly1305@openssh.com
|       aes256-gcm@openssh.com
|       aes128-gcm@openssh.com


References:
https://unix.stackexchange.com/questions/766178/how-to-disable-chacha20-poly1305-encryption-to-stop-the-terrapin-ssh-attack
https://www.qualys.com/regresshion-cve-2024-6387/

This entry was posted in Linux, Security. Bookmark the permalink.