Oracle Solaris System Administration (MOSC)

MOSC Banner

What is the best solution to fix vulnerability for SSH Terrapin Prefix Truncation Weakness?

edited Mar 28, 2024 2:49PM in Oracle Solaris System Administration (MOSC) 4 commentsAnswered

SunOS/Solaris / Solaris 11.4

Hi Team, I have to fix this vulnerability. as a reference mention


4 SSH Prefix Truncation Vulnerability (Terrapin)


port 22/tcp


New


QID:                                        38913                                               CVSS Base:                                               6.4 [1]

Category:

General remote services

CVSS Temporal:           5.0

Associated CVEs:

CVE-2023-48795

 

Vendor Reference:

OpenSSH Advisory

 

Bugtraq ID:

-

 

Service Modified:

12/29/2023

CVSS3.1 Base:               5.9

User Modified:

-

CVSS3.1 Temporal:     5.3

Edited:

No

 

PCI Vuln:

Yes

 

 

 

 

SOLUTION:

Customers are advised to refer to the individual vendor advisory for their operating system and install the patch released by the vendor. For more information regarding the vulnerability, please refer to Terrapin Vulnerability (https://terrapin-attack.com/)

Patch:

Following are links for downloading patches to fix the vulnerabilities:

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

Instructions for posting

×

1. Select a discussion category from the picklist.


2. Enter a title that clearly identifies the subject of your question.


3. In the body, insert detailed information, including Oracle product and version.


Please abide by the Oracle Community guidelines and refrain from posting any customer or personally identifiable information (PI/CI).


Cloud / Fusion customers - Our Cloud community has moved! Please go to Cloud Customer Connect .


New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center