CVE-2023-48795

| CVE ID | CVE-2023-48795 |
|---|---|
| CVSS Score | 5.9 |
| Operating System | |
| Affected Versions | |
| Patched Versions | openssh-7.4p1-23_ol006.el7 |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel.
By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary number of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.
The fix is to enforce strict key exchange on the client as well as on the server.
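
To confirm that strict key exchange is in effect on both ends, check each peer's SSH_MSG_KEXINIT for OpenSSH's strict-KEX marker. The following is an added example, not part of the original advisory or vendor code: the function names and the sample payloads are constructed for illustration, and the marker names are the pseudo-algorithm names OpenSSH uses to signal strict key exchange.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number from RFC 4253
# Pseudo-algorithm names OpenSSH places in kex_algorithms to signal strict KEX.
STRICT_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_SERVER = "kex-strict-s-v00@openssh.com"


def build_kexinit(kex_names):
    """Build a constructed KEXINIT payload (sample input for this example)."""
    names = ",".join(kex_names).encode("ascii")
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)       # type + 16-byte cookie
    payload += struct.pack(">I", len(names)) + names     # kex_algorithms
    payload += struct.pack(">I", 0) * 9                  # nine empty name-lists
    return payload + b"\x00" + struct.pack(">I", 0)      # follows flag, reserved


def kex_algorithms(payload):
    """Return the kex_algorithms name-list from a raw KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)    # after type + cookie
    end = 21 + length
    if end > len(payload):
        raise ValueError("truncated kex_algorithms name-list")
    raw = payload[21:end].decode("ascii")
    return raw.split(",") if raw else []


def strict_kex_negotiated(client_kexinit, server_kexinit):
    """Strict KEX only applies when BOTH peers advertise their marker."""
    return (STRICT_CLIENT in kex_algorithms(client_kexinit)
            and STRICT_SERVER in kex_algorithms(server_kexinit))


# Constructed sample payloads: a patched client, a patched and an unpatched server.
CLIENT_PATCHED = build_kexinit(["curve25519-sha256", STRICT_CLIENT])
SERVER_PATCHED = build_kexinit(["curve25519-sha256", STRICT_SERVER])
SERVER_UNPATCHED = build_kexinit(["curve25519-sha256"])

if __name__ == "__main__":
    for label, server in (("patched", SERVER_PATCHED),
                          ("unpatched", SERVER_UNPATCHED)):
        ok = strict_kex_negotiated(CLIENT_PATCHED, server)
        print(f"{label} server: strict KEX {'active' if ok else 'NOT active'}")
```

A patched client talking to an unpatched server still falls back to the non-strict handshake, which is why the fix has to be deployed on both sides.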