Bug 1218183 - VUL-0: CVE-2023-48795: python-Twisted: prefix truncation breaking ssh channel integrity aka Terrapin Attack
Status: RESOLVED WONTFIX
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Critical
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/387549/
Blocks: CVE-2023-48795
Reported: 2023-12-19 08:03 UTC by Marcus Meissner
Modified: 2024-02-14 13:56 UTC
Found By: Security Response Team
Description Marcus Meissner 2023-12-19 08:03:59 UTC
This bug tracks the python-Twisted SSH implementation with regard to the Terrapin Attack.

+++ This bug was initially created as a clone of Bug #1217950 +++
Comment 1 Marcus Meissner 2023-12-19 08:04:47 UTC
I checked the Twisted source code in Factory and SP4; neither supports
chacha20-poly1305 or etm.

However, they implement the SSH v2 protocol, so they might need the fix in some form, but less urgently.
Comment 2 Daniel Garcia 2024-01-10 17:02:45 UTC
Upstream issue can be found here: https://github.com/twisted/twisted/issues/12057
Comment 3 Matej Cepl 2024-02-13 23:13:04 UTC
The relevant part of the upstream ticket is this, I believe (https://github.com/twisted/twisted/issues/12057#issuecomment-1866239542):

> Just a quick comment from my part as one of the authors of the Terrapin paper. We also examined twisted.conch.ssh while compiling our list of implementations for responsible disclosure. While it seems true that you currently don't support the affected cipher modes, it may still be advisable to implement "strict kex" to improve the rigidity of the SSH handshake to avoid possible attacks of a similar kind in the future. The protocol weaknesses are buried deep within the SSH specification but only become exploitable when using newer ciphers. Handling it as a feature request seems fine because it does not affect security.

If I understand this correctly, then it means that we actually do not carry a CVE-worthy bug in our packages. If anything, then this could be downgraded to a normal RFE, but unless we want to make this change upstream, we should probably leave this to the upstream.

Suggesting WONTFIX.
Comment 4 Marcus Meissner 2024-02-14 13:56:28 UTC
Currently marking as WONTFIX.