Debian and Ubuntu have released security updates for their respective OS versions, addressing five flaws discovered in the openssh package.
This article describes each of these vulnerabilities and the recommended measures to safeguard your OpenSSH environment.
One of the vulnerabilities, tracked under CVE-2021-41617, exposes a flaw in the initialization of supplemental groups when executing AuthorizedKeysCommand or AuthorizedPrincipalsCommand.
Luci Stanescu identified an OpenSSH vulnerability that stems from an error preventing the communication of constraints to the ssh-agent when adding smartcard keys.
The issue occurs when per-hop destination constraints are in place, causing keys to be added to the agent without the intended constraints.
This could potentially lead to unauthorized access or misuse of keys.
Fabian Baeumer, Marcus Brinkmann, and Joerg Schwenk uncovered the vulnerability known as the Terrapin attack.
This attack exploits a prefix truncation weakness in the SSH protocol, allowing a Man-in-the-Middle attacker to compromise the integrity of the early encrypted SSH transport protocol.
By sending extra messages before encryption starts and deleting an equal number of consecutive messages immediately after encryption begins, an attacker can achieve a limited break in the system's security.
This OpenSSH vulnerability highlights an issue with PKCS#11-hosted private keys.
When adding these keys while specifying destination constraints and the PKCS#11 token returns multiple keys, only the first key has the constraints applied.
This oversight could potentially lead to unintended access or misuse of keys.
This flaw exposes a potential command injection risk when an invalid user or hostname containing shell metacharacters is passed to ssh.
If a ProxyCommand, LocalCommand directive, or match exec predicate references the user or hostname via expansion tokens, an attacker who can supply arbitrary user/hostnames to ssh might exploit this vulnerability.
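To check whether a client configuration is exposed to this, the following added example (not code from the article or from OpenSSH) scans ssh_config text for ProxyCommand, LocalCommand and Match exec entries that expand the remote hostname or user (`%h`, `%n`, `%r`), and validates names before they reach ssh. The function names, the allow-list pattern and the sample configuration are assumptions constructed for illustration.

```python
import re

EXEC_DIRECTIVES = {"proxycommand", "localcommand"}
# Tokens that expand to the remote hostname (%h, %n) or remote user (%r).
HOST_USER_TOKEN = re.compile(r"%[hnr]")
# Conservative allow-list for user/host values (an assumption, tighten as needed).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def risky_directives(config_text):
    """Return (line number, directive, tokens) for commands built from host/user."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m or line.startswith("#"):
            continue
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "match":
            # Only the exec predicate of a Match line runs a shell command.
            em = re.search(r'\bexec\s+("[^"]*"|\S+)', rest, re.I)
            if not em:
                continue
            keyword, rest = "match exec", em.group(1)
        elif keyword not in EXEC_DIRECTIVES:
            continue
        # "%%" is a literal percent sign, so drop it before looking for tokens.
        tokens = sorted(set(HOST_USER_TOKEN.findall(rest.replace("%%", ""))))
        if tokens:
            findings.append((lineno, keyword, tokens))
    return findings


def is_safe_name(value):
    """True if a user or hostname contains no characters outside the allow-list."""
    return SAFE_NAME.fullmatch(value) is not None


# Constructed sample configuration, not taken from any real system.
SAMPLE_CONFIG = """\
Host bastion
    ProxyCommand /usr/bin/nc -X connect -x proxy.example:3128 %h %p
Host literal
    ProxyCommand /usr/local/bin/log-percent %%h
Match exec "/usr/local/bin/check-vpn %h"
    LocalCommand echo connected as %r
"""

if __name__ == "__main__":
    for finding in risky_directives(SAMPLE_CONFIG):
        print(finding)
```

Any entry it reports deserves attention wherever the user or hostname passed to ssh comes from another program or an untrusted source; `is_safe_name` is the kind of check to apply at that boundary.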
In light of these flaws, it is crucial to take proactive measures to secure your OpenSSH environment.
Updating your OpenSSH packages is highly recommended to patch these vulnerabilities and ensure the ongoing security of your systems.
A reboot will be required after the update to apply the changes.
For rebootless vulnerability patching, you can utilize the KernelCare Enterprise live patching solution.
It automatically applies all security updates so you don't have to worry about missing patches.
This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina.
This Cyber News was published on securityboulevard.com. Publication date: Mon, 08 Jan 2024 12:13:04 +0000