
This KB provides guidance for customers to address reported vulnerabilities associated with the OpenSSH extension:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

DataCore FileFly

Linux is not supported. No action is necessary.

Swarm Storage

Swarm Storage does not ship runtime images with OpenSSH in any Swarm version. No update is required.

Swarm SCS, Gateway, Elasticsearch, Telemetry

For Red Hat (RHEL) 7 and CentOS 7, follow these steps to remediate:

To mitigate the vulnerability, remove the ChaCha20-Poly1305 cipher and CBC mode ciphers from the /etc/ssh/sshd_config file. Update the configuration as follows:

# Ciphers and keying
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

# MAC algorithms
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256

######VAfix - kexalgorithms##########
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1

After modifying the file, save it and restart the SSH service:

sudo systemctl restart sshd

This configuration change will help mitigate the Terrapin vulnerability by removing the affected ciphers while maintaining compatibility with supported systems.

To verify that the mitigation is applied, download and run the following tool:

curl -LO https://github.com/RUB-NDS/Terrapin-Scanner/releases/download/v1.1.3/Terrapin_Scanner_Linux_amd64
chmod +x Terrapin_Scanner_Linux_amd64
./Terrapin_Scanner_Linux_amd64 --connect <CentOS7/RHEL7 Server IP>
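
The effective cipher list can also be checked locally before running the scanner. The script below is an added example, not part of DataCore's tooling or the Terrapin Scanner; it assumes its input is the effective configuration printed by `sshd -T`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags the ciphers this KB says to remove (ChaCha20-Poly1305 and CBC mode).
# Expected input: effective configuration as printed by "sshd -T" (one "ciphers" line).

# Print, one per line, every flagged cipher found on the "ciphers" line.
flagged_ciphers() {
    awk 'tolower($1) == "ciphers" {
             n = split($2, c, ",")
             for (i = 1; i <= n; i++)
                 if (c[i] == "chacha20-poly1305@openssh.com" || c[i] ~ /-cbc(@|$)/)
                     print c[i]
         }'
}

# Exit status: 0 = no flagged cipher offered, 1 = flagged cipher offered,
# 2 = no "ciphers" line in the input, so the built-in defaults are not visible.
check_ciphers() {
    cfg=$(cat)
    if ! printf '%s\n' "$cfg" |
         awk 'tolower($1) == "ciphers" { found = 1 } END { exit !found }'; then
        echo "UNKNOWN: no ciphers line in input (use sshd -T output)" >&2
        return 2
    fi
    bad=$(printf '%s\n' "$cfg" | flagged_ciphers | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "FLAGGED: $bad" >&2
        return 1
    fi
    echo "OK: no ChaCha20-Poly1305 or CBC ciphers offered"
    return 0
}

# Constructed sample: a cipher line that still offers the affected ciphers.
SAMPLE_BEFORE='ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-cbc'
# The Ciphers line from this KB, written the way "sshd -T" prints it.
SAMPLE_AFTER='ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com'

# Demonstration on the two samples; the first is expected to be flagged.
printf '%s\n' "$SAMPLE_BEFORE" | check_ciphers || true
printf '%s\n' "$SAMPLE_AFTER" | check_ciphers
```

On the server, the same function can be fed live data with `sudo sshd -T | check_ciphers`. Running `sudo sshd -t` before the restart confirms that the edited file parses.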
