[Midnightbsd-cvs] [MidnightBSD/src] 74eaa9: Prefix Truncation Attack in the SSH protocol
Lucas Holt
noreply at github.com
Wed Dec 27 14:42:23 EST 2023
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 74eaa9a3e9463cd974568191afa1dc9b0472699f
https://github.com/MidnightBSD/src/commit/74eaa9a3e9463cd974568191afa1dc9b0472699f
Author: Lucas Holt <luke at foolishgames.com>
Date: 2023-12-27 (Wed, 27 Dec 2023)
Changed paths:
M crypto/openssh/PROTOCOL
M crypto/openssh/kex.c
M crypto/openssh/kex.h
M crypto/openssh/packet.c
M crypto/openssh/packet.h
M crypto/openssh/sshconnect2.c
Log Message:
-----------
Prefix Truncation Attack in the SSH protocol
CVE-2023-48795
A man in the middle attacker can silently manipulate handshake messages to
truncate extension negotiation messages potentially leading to less secure
client authentication algorithms or deactivating keystroke timing attack
countermeasures.
Obtained from: FreeBSD
More information about the Midnightbsd-cvs
mailing list