OpenSSH Vulnerabilities CVE-2023-48795,CVE-2023-51384,CVE-2024-39894,CVE-2024-6387,CVE-2023-51385 on Site Recovery manager and vSphere Replication
Article ID: 383471

Updated On: 12-16-2024

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

The following CVEs have been identified (typically by vulnerability scanners) against Site Recovery Manager (SRM) and vSphere Replication (VR):

CVE-2023-48795
CVE-2023-51384
CVE-2024-39894
CVE-2024-6387
CVE-2023-51385

Environment

Site Recovery Manager 9.0.2

vSphere Replication 9.0.2

Cause

CVE-2023-48795  

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. Exploitation requires an active man-in-the-middle position on the connection and only affects sessions that negotiate chacha20-poly1305@openssh.com or a CBC cipher combined with an Encrypt-then-MAC (-etm) MAC.

CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

CVE-2024-39894

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

CVE-2024-6387

A security regression (reintroducing CVE-2006-5051, commonly called regreSSHion) was discovered in OpenSSH's server (sshd). A race condition in the SIGALRM signal handler can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within the LoginGraceTime window.

CVE-2023-51385

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Resolution

CVE-2023-48795

A fixed package exists for Photon OS 5 (openssh 9.3p2-7.ph5), but the SRM appliance currently runs Photon OS 4, for which no fixed package is available yet; the issue will be resolved in a future SRM/VR release. As a temporary workaround, keep SSH disabled on the appliance and enable it only when required.
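As an added check (not part of this article or of VMware's guidance): while the Photon OS 4 package lacks the Terrapin fix, you can verify whether the appliance's sshd still offers the algorithm modes the attack relies on (chacha20-poly1305@openssh.com and any Encrypt-then-MAC MAC) and, if SSH must remain enabled, restrict the offered algorithms to ones Terrapin cannot manipulate. The sshd -T listing used as a fallback below is a constructed sample, not captured from an SRM appliance, and the hardened Ciphers/MACs lines are this example's choice; confirm with VMware support before editing sshd_config on a vendor appliance.

```shell
#!/bin/sh
# Added example, not VMware/Broadcom code: reports whether an sshd
# configuration offers Terrapin-relevant algorithms and prints an
# interim algorithm restriction that avoids them.

# Reads `sshd -T` output on stdin. Prints "exposed" and returns 1 if
# chacha20-poly1305 or any -etm MAC is offered, "ok" and 0 otherwise.
terrapin_exposed() {
    exposed=0
    while read -r key value; do
        case "$key" in
            ciphers)
                case ",$value," in
                    *,chacha20-poly1305@openssh.com,*) exposed=1 ;;
                esac ;;
            macs)
                case "$value" in
                    *-etm@openssh.com*) exposed=1 ;;
                esac ;;
        esac
    done
    if [ "$exposed" -eq 1 ]; then echo "exposed"; return 1; fi
    echo "ok"; return 0
}

# Effective sshd config: the real one when sshd -T works (needs root),
# otherwise a constructed sample resembling OpenSSH 8.9 defaults.
effective_sshd_config() {
    if command -v sshd >/dev/null 2>&1 && sshd -T 2>/dev/null; then
        return 0
    fi
    cat <<'EOF'
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512
EOF
}

# Interim sshd_config lines (this example's choice): AEAD/CTR ciphers and
# non-EtM MACs only, so neither Terrapin-affected mode can be negotiated.
hardened_algorithms() {
    cat <<'EOF'
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512,hmac-sha2-256
EOF
}

main() {
    if result=$(effective_sshd_config | terrapin_exposed); then
        echo "Terrapin algorithm check: $result"
    else
        echo "Terrapin algorithm check: $result"
        echo "Suggested interim lines for sshd_config (validate with sshd -t, then restart sshd):"
        hardened_algorithms
    fi
}

main "$@"
```

Run it as root on the appliance so sshd -T reflects the live configuration; off-appliance it evaluates the constructed sample, which shows the "exposed" path.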

CVE-2023-51384

Fixed in the Photon OS 4 package openssh 8.9p1-6.ph4. SRM/VR 9.0.1 ships the fixed package.

CVE-2024-39894

This CVE affects only OpenSSH 9.5 through 9.7 and is fixed in 9.8. The SRM appliance runs Photon OS 4, whose OpenSSH package is older than 9.5 (the Photon OS 4 fixes cited in this article are release updates of 8.9p1), so this CVE is not applicable.

CVE-2024-6387

Fixed in the Photon OS 4 package openssh 8.9p1-8.ph4. SRM/VR 9.0.2 ships the fixed package.

CVE-2023-51385

Fixed in the Photon OS 4 package openssh 8.9p1-5.ph4. SRM/VR 9.0 ships the fixed package.

If a scanner reports CVE-2023-51384, CVE-2024-6387 or CVE-2023-51385 against SRM/VR 9.0.2, treat the finding as a false positive. These fixes are delivered as Photon OS 4 package release updates of openssh 8.9p1 (8.9p1-6.ph4, 8.9p1-8.ph4 and 8.9p1-5.ph4 respectively), so a scanner that keys on the upstream OpenSSH version string rather than on the installed RPM release will continue to flag them. To confirm, check the installed package release on the appliance with rpm -q openssh and verify it is at or above the releases listed above.
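The script below is an added example, not VMware tooling: it reads the installed openssh version-release from the appliance's RPM database (assuming, as on Photon OS, that the package is named openssh) and compares it with the fixed releases given in the Resolution section, so a scanner finding for any of the five CVEs can be confirmed or dismissed from the package release rather than the upstream version string. When rpm is not available (for example when run off-appliance) it falls back to a constructed sample value.

```shell
#!/bin/sh
# Added example, not VMware/Broadcom code: compare the installed Photon OS 4
# openssh package release on an SRM/VR appliance with the fixed releases
# listed in this article.

# Minimum fixed Photon OS 4 version-release per CVE (from the Resolution
# section). CVEs without a Photon 4 fix or not applicable are handled
# separately in cve_status.
fixed_release_for() {
    case "$1" in
        CVE-2023-51385) echo "8.9p1-5.ph4" ;;
        CVE-2023-51384) echo "8.9p1-6.ph4" ;;
        CVE-2024-6387)  echo "8.9p1-8.ph4" ;;
        *) return 1 ;;
    esac
}

# vr_ge A B: true if version-release A sorts at or above B (GNU sort -V).
vr_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# cve_status VR CVE: prints fixed | vulnerable | unfixed-on-photon4 |
# not-applicable | unknown; returns 0 only for fixed/not-applicable.
cve_status() {
    vr="$1"; cve="$2"
    case "$cve" in
        CVE-2023-48795)
            # Article: no Photon OS 4 fix yet; workaround is to keep SSH disabled.
            echo "unfixed-on-photon4"; return 2 ;;
        CVE-2024-39894)
            # Affects only OpenSSH 9.5 through 9.7; 8.9p1 is outside that range.
            echo "not-applicable"; return 0 ;;
    esac
    fixed="$(fixed_release_for "$cve")" || { echo "unknown"; return 3; }
    if vr_ge "$vr" "$fixed"; then echo "fixed"; return 0; fi
    echo "vulnerable"; return 1
}

# Installed version-release from rpm; otherwise a constructed sample
# equal to the 9.0.2 fixed level described in the article (assumption).
installed_openssh_vr() {
    if command -v rpm >/dev/null 2>&1 && rpm -q openssh >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' openssh
    else
        echo "8.9p1-8.ph4"
    fi
}

main() {
    vr="$(installed_openssh_vr)"
    echo "openssh package version-release: $vr"
    for cve in CVE-2023-48795 CVE-2023-51384 CVE-2024-39894 CVE-2024-6387 CVE-2023-51385; do
        printf '%-16s %s\n' "$cve" "$(cve_status "$vr" "$cve")"
    done
}

main "$@"
```

A "vulnerable" line for one of the three backported fixes means the appliance is below the release the article names and the scanner finding is genuine; "fixed" means the finding is the version-string false positive described above.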