VRDA Feed
by
Vulnerability Response Decision Assistance Feed : 脆弱性脅威分析用情報の定型データ配信
|
[ about VRDA Feed
| JPCERT/CC
]
|
|
|
|
|
|
分析対象脆弱性情報 (リビジョン番号 : 1)
|
[ Download XML
]
|
|
JVNDB-2023-020905
( CVE-2023-48795 | CVE-2023-48795 | CVE-2023-48795 ) |
|
OpenBSD の OpenSSH 等複数ベンダの製品におけるデータの整合性検証不備に関する脆弱性
|
|
https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-020905.html |
|
原文
OpenBSD の OpenSSH 等複数ベンダの製品には、データの整合性検証不備に関する脆弱性が存在します。
|
|
|
|
|
この情報について
|
分析情報提供元:
|
JVN iPedia
|
初版公開日:
|
2024-01-17
|
分析対象脆弱性情報の分類:
|
アドバイザリ・注意喚起
|
最終更新日:
|
2024-01-17
|
|
|
|
|
脆弱性の影響を受ける製品の識別子
|
|
cpe:/a:bitvise:ssh_client
|
|
cpe:/a:bitvise:ssh_server
|
|
cpe:/a:crates:thrussh
|
|
cpe:/a:crushftp:crushftp
|
|
cpe:/a:filezilla:filezilla_client
|
|
cpe:/a:libssh:libssh
|
|
cpe:/a:microsoft:powershell
|
|
cpe:/a:net-ssh:net-ssh
|
|
cpe:/a:netsarang:xshell_7
|
|
cpe:/a:openbsd:openssh
|
|
cpe:/a:oryx-embedded:cyclone_ssh
|
|
cpe:/a:panic:nova
|
|
cpe:/a:panic:transmit_5
|
|
cpe:/a:paramiko:paramiko
|
|
cpe:/a:proftpd:proftpd
|
|
cpe:/a:redhat:openshift_container_platform
|
|
cpe:/a:redhat:openstack_platform
|
|
cpe:/a:roumenpetrov:pkixssh
|
|
cpe:/a:simon_tatham:putty
|
|
cpe:/a:ssh2_project:ssh2
|
|
cpe:/a:tera_term_project:tera_term
|
|
cpe:/a:vandyke:securecrt
|
|
cpe:/a:winscp:winscp
|
|
cpe:/o:freebsd:freebsd
|
|
cpe:/o:lancom-systems:lanconfig
|
|
cpe:/o:lancom-systems:lcos
|
|
cpe:/o:lancom-systems:lcos_fx
|
|
cpe:/o:lancom-systems:lcos_lx
|
|
cpe:/o:lancom-systems:lcos_sx
|
|
|
|
|
|
脆弱性の分析内容
|
|
[攻撃元区分]
[?]
|
|
未評価 [?] |
|
ネットワーク [?] |
|
|
[攻撃条件の複雑さ]
[?]
|
|
未評価 [?] |
|
低 [?] |
|
|
[攻撃前の認証要否]
[?]
|
|
未評価 [?] |
|
不要 [?] |
|
|
[機密性への影響]
[?]
|
|
未評価 [?] |
|
全面的 [?] |
|
|
[完全性への影響]
[?]
|
|
未評価 [?] |
|
全面的 [?] |
|
|
[可用性への影響]
[?]
|
|
未評価 [?] |
|
全面的 [?] |
|
|
関連情報
|
|
Common Vulnerabilities and Exposures (CVE) CVE-2023-48795 |
|
|
|
|
|
|
|
National Vulnerability Database (NVD) CVE-2023-48795 |
|
|
|
|
|
|
|
Red Hat Customer Portal CVE-2023-48795 |
|
|
|
|
|
|
|
|
|
|
参考情報
|
|
Allgemeine Sicherheitshinweise Informationen zur "Terrapin"-Sicherheitslucke im SSH-Protokoll (CVE-2023-48795) |
|
|
|
|
|
|
|
Bitvise SSH Client Version History Changes in Bitvise SSH Client 9.33: [ 20 December 2023 ] |
|
|
|
|
|
|
|
CrushFTP Minimum safe CrushFTP version is 10.6.0. (Regularly updating is critical and we make that as easy as possible.)# |
|
|
|
|
|
|
|
Download Release History |
|
|
|
|
|
|
|
FileZilla Version history |
|
|
|
|
|
|
|
FreeBSD Security Advisory FreeBSD-SA-23:19.openssh |
|
|
|
|
|
|
|
Git Bump version to 0.10.6 |
|
|
|
|
|
|
|
GitHub net-ssh/CHANGES.txt |
|
|
|
|
|
|
|
GitHub 1.3.9 Release Notes (master) |
|
|
|
|
|
|
|
GitHub Support the chacha20-poly1305@openssh.com SSH cipher #456 |
|
|
|
|
|
|
|
GitHub "Terrapin" MitM attack / CVE-2023-48795 #2337 |
|
|
|
|
|
|
|
GitHub Clarify exposure to CVE-2023-48795 (Terrapin) #2189 |
|
|
|
|
|
|
|
GitHub v9.5.0.0p1-Beta |
|
|
|
|
|
|
|
GitHub Strict KEX 対応 (CVE-2023-48795) |
|
|
|
|
|
|
|
GitHub lib: add strict key exchange mode support |
|
|
|
|
|
|
|
GitHub 1.3.8 Release Notes |
|
|
|
|
|
|
|
GitHub 1.3.9 Release Notes (d21e7a2) |
|
|
|
|
|
|
|
GitHub Tera Term 5.1 |
|
|
|
|
|
|
|
GitLab libssh project/libssh-mirror/タグ |
|
|
|
|
|
|
|
JVNDB CWE-354 データの整合性検証不備 |
|
|
|
|
|
|
|
NetSarang Xshell 7 Update History |
|
|
|
|
|
|
|
OpenSSH OpenSSH for OpenBSD |
|
|
|
|
|
|
|
OpenSSH release-9.6 |
|
|
|
|
|
|
|
PKIX-SSH 20 Dec 2023 : Official version 14.4 |
|
|
|
|
|
|
|
Paramiko Changelog |
|
|
|
|
|
|
|
Recent Version History 6.2.2 beta |
|
|
|
|
|
|
|
Red Hat Bugzilla Bug 2254210 |
|
|
|
|
|
|
|
Simon Tatham PuTTY Change Log |
|
|
|
|
|
|
|
VanDyke Software SecureCRT(R) 9.5 (Official) -- January 16, 2024 |
|
|
|
|
|
|
|
bitvise Bitvise SSH Server Version History |
|
|
|
|
|
|
|
crates thrussh |
|
|
|
|
|
|
|
panic Transmit 5 Release Notes |
|
|
|
|
|
|
|
関連文書 lists.debian.org (msg00017) |
|
|
|
|
|
|
|
関連文書 github.com (2.2.21...2.2.22) |
|
|
|
|
|
|
|
関連文書 nest.pijul.com (D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC) |
|
|
|
|
|
|
|
関連文書 github.com (8e972c5e94b460379fe0c7d20209c16df81538a5) |
|
|
|
|
|
|
|
関連文書 security-tracker.debian.org (trilead-ssh2) |
|
|
|
|
|
|
|
関連文書 github.com (changes.rst) |
|
|
|
|
|
|
|
関連文書 www.debian.org (dsa-5588) |
|
|
|
|
|
|
|
関連文書 bugs.gentoo.org (920280) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (3CAYYW35MUTNO65RVAELICTNZZFMT2XS) |
|
|
|
|
|
|
|
関連文書 github.com (issues/520) |
|
|
|
|
|
|
|
関連文書 news.ycombinator.com (38684904) |
|
|
|
|
|
|
|
関連文書 github.com (pull/1291) |
|
|
|
|
|
|
|
関連文書 security.gentoo.org (202312-16) |
|
|
|
|
|
|
|
関連文書 github.com (tags) |
|
|
|
|
|
|
|
関連文書 www.openwall.com (oss-security/2023/12/18/2) |
|
|
|
|
|
|
|
関連文書 bugzilla.suse.com (1217950) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3) |
|
|
|
|
|
|
|
関連文書 github.com (v2.5.6) |
|
|
|
|
|
|
|
関連文書 news.ycombinator.com (38685286) |
|
|
|
|
|
|
|
関連文書 github.com (CHANGES#L25) |
|
|
|
|
|
|
|
関連文書 security.gentoo.org (202312-17) |
|
|
|
|
|
|
|
関連文書 www.openwall.com (oss-security/2023/12/20/3) |
|
|
|
|
|
|
|
関連文書 filezilla-project.org (versions.php) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y) |
|
|
|
|
|
|
|
関連文書 github.com (notes.xml#L39-L42) |
|
|
|
|
|
|
|
関連文書 news.ycombinator.com (38732005) |
|
|
|
|
|
|
|
関連文書 github.com (jsch-0.2.14...jsch-0.2.15) |
|
|
|
|
|
|
|
関連文書 security.netapp.com (ntap-20240105-0004) |
|
|
|
|
|
|
|
関連文書 packetstormsecurity.com (Terrapin-SSH-Connection-Weakening) |
|
|
|
|
|
|
|
関連文書 github.com (v0.40.2) |
|
|
|
|
|
|
|
関連文書 www.reddit.com (cve202348795_why_is_this_cve_still_undisclosed) |
|
|
|
|
|
|
|
関連文書 forum.netgate.com (terrapin-ssh-attack) |
|
|
|
|
|
|
|
関連文書 github.com (issues/165) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD) |
|
|
|
|
|
|
|
関連文書 github.com (OTP-26.2.1) |
|
|
|
|
|
|
|
関連文書 nova.app (#v11.8) |
|
|
|
|
|
|
|
関連文書 github.com (issues/457) |
|
|
|
|
|
|
|
関連文書 thorntech.com (cve-2023-48795-and-sftp-gateway) |
|
|
|
|
|
|
|
関連文書 www.openwall.com (oss-security/2023/12/18/3) |
|
|
|
|
|
|
|
関連文書 groups.google.com (-n5WqVC18LQ) |
|
|
|
|
|
|
|
関連文書 www.suse.com (suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795) |
|
|
|
|
|
|
|
関連文書 github.com (pull/275249) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB) |
|
|
|
|
|
|
|
関連文書 github.com (9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) |
|
|
|
|
|
|
|
関連文書 security-tracker.debian.org (CVE-2023-48795) |
|
|
|
|
|
|
|
関連文書 github.com (pull/461) |
|
|
|
|
|
|
|
関連文書 twitter.com (status/1736774389725565005) |
|
|
|
|
|
|
|
関連文書 www.openwall.com (oss-security/2023/12/19/5) |
|
|
|
|
|
|
|
関連文書 groups.google.com (qA3XtxvMUyg) |
|
|
|
|
|
|
|
関連文書 www.terrapin-attack.com |
|
|
|
|
|
|
|
関連文書 github.com (GHSA-45x7-px36-x8w8) |
|
|
|
|
|
|
|
関連文書 www.theregister.com (terrapin_attack_ssh) |
|
|
|
|
|
|
|
関連文書 github.com (issues/445) |
|
|
|
|
|
|
|
関連文書 lists.fedoraproject.org (QI3EHAHABFQK7OABNCSF5GMYP6TONTI7) |
|
|
|
|
|
|
|
関連文書 github.com (issues/916) |
|
|
|
|
|
|
|
関連文書 security-tracker.debian.org (libssh2) |
|
|
|
|
|
|
|
関連文書 github.com (master) |
|
|
|
|
|
|
|
関連文書 ubuntu.com (CVE-2023-48795) |
|
|
|
|
|
|
|
関連文書 www.openwall.com (oss-security/2023/12/20/3) |
|
|
|
|
|
|
|
関連文書 jadaptive.com (important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795) |
|
|
|
|
|
|
|
関連文書 github.com (5c8b534f6e97db7ac0e0e579331213aa25c173ab) |
|
|
|
|
|
|
|
関連文書 matt.ucc.asn.au (CHANGES) |
|
|
|
|
|
|
|
関連文書 github.com (issues/81) |
|
|
|
|
|
|
|
関連文書 security-tracker.debian.org (proftpd-dfsg) |
|
|
|
|
|
|
|
関連文書 github.com (releases) |
|
|
|
|
|
|
|
関連文書 www.debian.org (dsa-5586) |
|
|
|
|
|
|
|
関連文書 arstechnica.com (hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack) |
|
|
|
|
|
|
|
|
Copyright © 2024 JPCERT/CC All Rights Reserved.
|