This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2023-12-19 05:43 AM
Jump to solution

Terrapin Vulnerability - All Linux servers are vulnerable globally including CheckPoint

Hi Team,

All of my CheckPoint firewalls have been scanned recently, and it appears that they are all displaying vulnerable hosts due to a recently disclosed vulnerability known as Terrapin. Though I patched my Linux hosts with Customized Ciphers but wondering how do I start with CheckPoint?

Any comment from CheckPoint staff?

https://terrapin-attack.com/

@PhoneBoy  @Chris_Atkinson Terrapin attackTerrapin attack

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
3 Solutions

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2023-12-20 05:42 AM
In response to PhoneBoy
Jump to solution

I just did that for training, it was easily done in clish:

enabled cipher: 
-------------------------------- 
aes128-cbc 
aes128-ctr 
aes128-gcm@openssh.com 
aes192-ctr 
aes256-ctr 
aes256-gcm@openssh.com 
chacha20-poly1305@openssh.com

set ssh server cipher chacha20-poly1305@openssh.com off

enabled cipher: 
-------------------------------- 
aes128-cbc 
aes128-ctr 
aes128-gcm@openssh.com 
aes192-ctr 
aes256-ctr 
aes256-gcm@openssh.com 
enabled mac: 
-------------------------------- 
hmac-sha1 
hmac-sha1-etm@openssh.com 
hmac-sha2-256 
hmac-sha2-256-etm@openssh.com 
hmac-sha2-512 
hmac-sha2-512-etm@openssh.com 
umac-64-etm@openssh.com 
umac-64@openssh.com 
umac-128-etm@openssh.com 

set ssh server mac hmac-sha1-etm@openssh.com off
set ssh server mac hmac-sha2-256-etm@openssh.com off
set ssh server mac hmac-sha2-512-etm@openssh.com off
set ssh server mac umac-64-etm@openssh.com off
set ssh server mac umac-128-etm@openssh.com off

enabled mac: 
-------------------------------- 
hmac-sha1 
hmac-sha2-256 
hmac-sha2-512 
umac-64@openssh.com 
umac-128@openssh.com 
--------------------------------

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

(1)
_Val_
Admin
Admin
‎2023-12-25 01:54 AM
Jump to solution

The new SK is published to address the issue: https://support.checkpoint.com/results/sk/sk181833

View solution in original post

_Val_
Admin
Admin
‎2024-01-03 04:42 AM
In response to Raman_Arora
Jump to solution

Did you remove aes128-cbc cipher?

View solution in original post

0 Kudos
31 Replies
the_rock
Legend
Legend
‎2023-12-19 06:10 AM
Jump to solution

This actually came out today

https://www.helpnetsecurity.com/2023/12/19/ssh-vulnerability-cve-2023-48795/

I searched for CVE and also Terrapin on support site, nothing so far, except link to your post.

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2023-12-19 06:44 AM
Jump to solution

This attack isn't terribly practical. It requires full control over a router or proxy in the path between client and server. The firewall itself could execute this attack on connections flowing through it. From the OpenSSH team:

While cryptographically novel, the security impact of this attack
is fortunately very limited as it only allows deletion of
consecutive messages, and deleting most messages at this stage of
the protocol prevents user user authentication from proceeding and
results in a stuck connection.

The most serious identified impact is that it lets a MITM to
delete the SSH2_MSG_EXT_INFO message sent before authentication
starts, allowing the attacker to disable a subset of the keystroke
timing obfuscation features introduced in OpenSSH 9.5. There is no
other discernable impact to session secrecy or session integrity.
0 Kudos
(1)
Blason_R
Leader
Leader
‎2023-12-19 07:06 AM
In response to Bob_Zimmerman
Jump to solution

Agree but since it has a cve given most of the vulnerability vendor by tomorrow wil be updated with the the relevant  signatures and scan will start showing as vulnerable. Though currently modifying sshd_conf file and removing chacha plus etm Mac's mitigating the vulnerability 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend
‎2023-12-19 07:13 AM
In response to Blason_R
Jump to solution

I would agree with that, hope it gets addressed soon.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-12-19 08:00 AM
Jump to solution

I expect we are evaluating internally and will provide further details when able.

In the interim please open a case with TAC and loop in your local CP SE as relevant.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-19 03:52 PM
Jump to solution

Per the FAQ provided on the site mentioned:

I am an admin, should I drop everything and fix this?

Probably not.

The attack requires an active Man-in-the-Middle attacker that can intercept and modify the connection's traffic at the TCP/IP layer. Additionally, we require the negotiation of either ChaCha20-Poly1305, or any CBC cipher in combination with Encrypt-then-MAC as the connection's encryption mode.

If you feel uncomfortable waiting for your SSH implementation to provide a patch, you can workaround this vulnerability by temporarily disabling the affected chacha20-poly1305@openssh.com encryption and -etm@openssh.com MAC algorithms in the configuration of your SSH server (or client), and use unaffected algorithms like AES-GCM instead.

That makes this issue less urgent to fix and something you can potentially mitigate:

Based on the public information available at current, this seems like the best course of action to take.
For an official response, refer to the TAC.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-12-20 05:42 AM
In response to PhoneBoy
Jump to solution

I just did that for training, it was easily done in clish:

enabled cipher: 
-------------------------------- 
aes128-cbc 
aes128-ctr 
aes128-gcm@openssh.com 
aes192-ctr 
aes256-ctr 
aes256-gcm@openssh.com 
chacha20-poly1305@openssh.com

set ssh server cipher chacha20-poly1305@openssh.com off

enabled cipher: 
-------------------------------- 
aes128-cbc 
aes128-ctr 
aes128-gcm@openssh.com 
aes192-ctr 
aes256-ctr 
aes256-gcm@openssh.com 
enabled mac: 
-------------------------------- 
hmac-sha1 
hmac-sha1-etm@openssh.com 
hmac-sha2-256 
hmac-sha2-256-etm@openssh.com 
hmac-sha2-512 
hmac-sha2-512-etm@openssh.com 
umac-64-etm@openssh.com 
umac-64@openssh.com 
umac-128-etm@openssh.com 

set ssh server mac hmac-sha1-etm@openssh.com off
set ssh server mac hmac-sha2-256-etm@openssh.com off
set ssh server mac hmac-sha2-512-etm@openssh.com off
set ssh server mac umac-64-etm@openssh.com off
set ssh server mac umac-128-etm@openssh.com off

enabled mac: 
-------------------------------- 
hmac-sha1 
hmac-sha2-256 
hmac-sha2-512 
umac-64@openssh.com 
umac-128@openssh.com 
--------------------------------

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
(1)
Blason_R
Leader
Leader
‎2023-12-20 05:44 AM
In response to G_W_Albrecht
Jump to solution

Right - I managed to mitigate around 50+ R81.10 and 5+ R80.40 since this morning 🙂

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend
‎2023-12-20 05:58 AM
In response to G_W_Albrecht
Jump to solution

Excellent!

Andy

0 Kudos
_Val_
Admin
Admin
‎2023-12-25 01:54 AM
Jump to solution

The new SK is published to address the issue: https://support.checkpoint.com/results/sk/sk181833

Blason_R
Leader
Leader
‎2023-12-25 05:43 AM
In response to _Val_
Jump to solution

Thanks and thats great

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Raman_Arora
Contributor
‎2024-01-02 08:04 AM
In response to _Val_
Jump to solution

Hello Val, 

 

Have followed the steps in SK, Qualys still reports the Vulnerability..

Before  disabling Cipher - ChaCha20-Poly1305

RESULTS:
SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22
ChaCha20-Poly1305 Algorithm Support: True
CBC-EtM Algorithm Support: True
Strict Key Exchange algorithm enabled: False

 

After  disabling Cipher - ChaCha20-Poly1305

RESULTS:
SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22
ChaCha20-Poly1305 Algorithm Support: False
CBC-EtM Algorithm Support: True
Strict Key Exchange algorithm enabled: False

 

Only piece what is shown under both results is CBC-EtM Algorithm Support is set as True. I know we did not disable anything else other than ChaCha20-Poly1305, but Qualys still reports its vulnerable and CBC-Etm Algo support is set as true.

 

Do you have any further insight?

0 Kudos
Blason_R
Leader
Leader
‎2024-01-02 08:57 AM
In response to Raman_Arora
Jump to solution

Yes disable that as well and it should be good. For R81.10 and R81.20 it has CBC-Etm

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2024-01-02 09:03 AM
In response to Raman_Arora
Jump to solution

@Blason_R is correct, I tested it on R81.20 and worked fine.

Best,

Andy

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 12:24 AM
In response to the_rock
Jump to solution

great! Would you also please share how did you disable that? 

0 Kudos
Blason_R
Leader
Leader
‎2024-01-03 12:36 AM
In response to Raman_Arora
Jump to solution

Run below command and then we can confirm which can be disabled

show ssh server kex supported

show ssh server mac supported

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Raman_Arora
Contributor
‎2024-01-03 12:43 AM
In response to Blason_R
Jump to solution

I tried this before, but 1st command is available on R81.20.. 2nd Command i also tried 

 

Below is the output

 

xxx> show ssh server kex supported
CLINFR0329 Invalid command:'show ssh server kex supported'.
xxx> show ssh server mac supported
--------------------------------
supported mac:
--------------------------------
hmac-md5-96-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-sha1
hmac-sha1-96-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha2-256
hmac-sha2-256-etm@openssh.com
hmac-sha2-512
hmac-sha2-512-etm@openssh.com
umac-64-etm@openssh.com
umac-64@openssh.com
umac-128-etm@openssh.com
umac-128@openssh.com
--------------------------------

0 Kudos
_Val_
Admin
Admin
‎2024-01-03 01:39 AM
In response to Raman_Arora
Jump to solution

This should not be the case. Are you sure you rebooted after the changes? Can you confirm the vulnerable methods are no longer showing in enabled ciphers?

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 01:47 AM
In response to _Val_
Jump to solution

I did not reboot, as its not mentioned on the SK. But after disabling particluar cipher, i see qualys report found it disabled, but at the same time it talks about CBC-EtM - Enabled..

 

After  disabling Cipher - ChaCha20-Poly1305

RESULTS:
SSH Prefix Truncation Vulnerability (Terrapin) detected on port: 22
ChaCha20-Poly1305 Algorithm Support: False
CBC-EtM Algorithm Support: True
Strict Key Exchange algorithm enabled: False

 

 

*****show ssh server cipher enabled
--------------------------------
enabled cipher:
--------------------------------
aes128-cbc
aes128-ctr
aes128-gcm@openssh.com
aes192-ctr
aes256-ctr
aes256-gcm@openssh.com
--------------------------------

0 Kudos
_Val_
Admin
Admin
‎2024-01-03 01:55 AM
In response to Raman_Arora
Jump to solution

Yes, you are right, the reboot is not required, but you need to restart sshd. Disable all vulnerable ciphers and restart the daemon.

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 02:14 AM
In response to _Val_
Jump to solution

I disabled Vulnerable Cipher - ChaCha20-Poly1305, but did not find any option where i can find CBC-EtM enabled and disable it then..

 

I am using R81.10

 

And i tried sshd restart too, and waiting for scan to be completed..

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 04:39 AM
In response to Raman_Arora
Jump to solution

nothing changed after restarting sshd. CBC-EtM is still marked as enabled.

0 Kudos
_Val_
Admin
Admin
‎2024-01-03 04:42 AM
In response to Raman_Arora
Jump to solution

Did you remove aes128-cbc cipher?

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 04:46 AM
In response to _Val_
Jump to solution

not yet! Will disabling AES128-CBC cipher disable CBS-EtM?

0 Kudos
_Val_
Admin
Admin
‎2024-01-03 04:49 AM
In response to Raman_Arora
Jump to solution

CBC-EtM, not CBS as you wrote. I suspect it will. Try and see, worst case you, you will need to re-enable the cipher. 

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 04:58 AM
In response to _Val_
Jump to solution

Its typo error... I meant CBC-EtM only as mentioned above in all my messages..😅

0 Kudos
Raman_Arora
Contributor
‎2024-01-03 08:08 AM
In response to Raman_Arora
Jump to solution

Disabling AES128-CBC cipher helped. Qualys is not reporting Terrapin Vulnerability now...

 

Thank All!

(1)
_Val_
Admin
Admin
‎2024-01-03 12:41 PM
In response to Raman_Arora
Jump to solution

Great to hear.

0 Kudos
(1)
JozkoMrkvicka
Authority
Authority
‎2024-01-06 08:11 AM
In response to _Val_
Jump to solution

Mitigation of CBC-EtM sub-vulnerability is not mentioned in relevant article. Only chacha20-poly1305.

What is preffered/optimal option to mitigate CBC-EtM support?

Disable cipher aes128-cbc:

set ssh server cipher aes128-cbc off

or

Disable all, by default enabled, Macs relevant for -etm:

set ssh server mac hmac-sha1-etm@openssh.com off
set ssh server mac hmac-sha2-256-etm@openssh.com off
set ssh server mac hmac-sha2-512-etm@openssh.com off
set ssh server mac umac-64-etm@openssh.com off
set ssh server mac umac-128-etm@openssh.com off

 or even both ?

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events