Mitigation for CVE-2023-48795 found in OpenSSH that affects the Managed File Transfer Internet Server Maverick SSH libraries


Article ID: KB0107933


Products

TIBCO Managed File Transfer Internet Server

Description

A security vulnerability, CVE-2023-48795, was found in OpenSSH that affects the Managed File Transfer Internet Server Maverick SSH libraries. This article addresses how to resolve the issue by manually removing the insecure SSH Ciphers and HMACs.

Note, this vulnerability does not affect Managed File Transfer Command Center.

Issue/Introduction

Mitigation for CVE-2023-48795 found in OpenSSH that affects the Managed File Transfer Internet Server Maverick SSH libraries.

Environment

All supported environments

Resolution

The issue caused by this CVE can be circumvented by removing these SSH Ciphers and HMACs:

Ciphers:
chacha20-poly1305@openssh.com
 
HMACs:
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-md5-etm@openssh.com
 
There are three ways the ciphers and HMACs can be defined. These are discussed in more detail below.
1.  Define SSH Algorithm Groups.  This is supported on MFT 8.4 and above
2.  Set the web.xml "SSHCipherSuite" and "SSHDigestSuite" parameter to set the allowed ciphers and message digests
3.  Use the hard-coded ciphers and message digests supported by the Maverick and java code.  
 
When using MFT 8.4 or higher, we strongly suggest defining a default SSH Algorithm Group.

Note:  The order of precedence for defining SSH algorithms is as follows:
: SSH Algorithm Groups override the web.xml parameters and the hard-coded SSH algorithms
: The web.xml algorithm parameters override the hard-coded SSH algorithms
: The hard-coded SSH algorithms are only used if not overridden by the web.xml or SSH Algorithm Groups

Note: MFT supports an option to set web.xml parameter "SSHSecurityLevel".  This is infrequently used.  However, if you are using this, we suggest removing this parameter and following the instructions below.  Defining the  web.xml SSHSecurityLevel parameter gives you less control over the SSH Algorithms selected and can select some algorithms now considered insecure.
 
Define SSH Algorithm Groups.  
Note: This is only supported on MFT v8.4 and above
Navigate to:
Management ==> SSH Algorithm Group ==> Add SSH Algorithm Group
Management ==> SSH Algorithm Group ==> Manage SSH Algorithm Groups
 
: Add (create) an SSH Algorithm Group with the necessary ciphers and message digests.  Remove the insecure Ciphers and Message Digests (HMACs) defined above.
: For existing SSH Algorithm Groups, remove the Ciphers and Message Digests (HMACs) defined above.
 
To set the Global SSH Algorithm Group default, navigate to:
Configuration ==> System Configuration
: Click on the "SSH Options" tab and set the "SSH Algorithm Group" to the algorithm group that you want to be the default.  This will set the default SSH Algorithm Group for all Server definitions and for the SSH Service.  The default Algorithm Groups can be overridden on the Configure SSH Server and on individual Server definitions.  
 
Note: we do not suggest including this Key Exchange Algorithm because it is considered insecure: diffie-hellman-group1-sha1
 
After making a change to the SSH Algorithms for the SSH Server (Service), you must stop/start the SSH Server before the change will take effect.  Optionally, you can restart the MFT Server.
 
Set the web.xml "SSHCipherSuite" and "SSHDigestSuite" parameter to set the allowed ciphers and message digests
1.  Select the ciphers and hashes (HMACs)
The supported SSH cipher and hash algorithms are written to the catalina.out during startup.  These algorithms depend on the MFT version and on the Java version.  Here is an example of the supported SSH algorithms displayed in the catalina.out.

SSHAlgorithmGroupMgr.init - default ciphers: aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,aes256-cbc,3des-cbc,3des-ctr,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour
SSHAlgorithmGroupMgr.init - default hashs: hmac-sha2-512-etm@openssh.com,hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha1-etm@openssh.com,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-etm@openssh.com,hmac-md5-96
SSHAlgorithmGroupMgr.init - default digest: MD5,SHA-1,SHA1,SHA-256,SHA256,SHA-384,SHA384,SHA-512,SHA512
SSHAlgorithmGroupMgr.init - default keyEx: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,rsa2048-sha256,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,rsa1024-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

2. From the list of supported ciphers and hashes, select all of the ciphers and hashes that you want to support.  Remove the insecure Ciphers and Hashes (HMACs) defined above.
The new list of ciphers and hashes can be added to the web.xml located at:
<MFT>/server/webapps/cfcc/WEB-INF/web.xml

The ciphers should be added in this section:
        <context-param>
                <param-name>SSHCipherSuite</param-name>
                <param-value>add ciphers here delimited by commas</param-value>
        </context-param>
The hashes/HMACs should be added in this section:
        <context-param>
                <param-name>SSHDigestSuite</param-name>
                <param-value>add Hash(HMACs) here delimited by commas</param-value>
        </context-param>

Example web.xml sections after making changes:
        <context-param>
                <param-name>SSHCipherSuite</param-name>
                <param-value>aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr</param-value>
        </context-param>

        <context-param>
                <param-name>SSHDigestSuite</param-name>
                <param-value>hmac-sha2-512-96,hmac-sha2-512,hmac-sha2-256,hmac-sha2-256-96,hmac-sha1</param-value>
        </context-param>


3. Save the web.xml

4. Restart the MFT Internet Server
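
Steps 1 and 2 can be scripted, and the saved web.xml checked before the restart. The following Python is an added example, not TIBCO code: the function names and the sample inputs are constructed for illustration, and the script assumes the catalina.out line format shown above. It drops only the algorithms this article lists; any further pruning of the lists is a separate decision.

```python
import re
import xml.etree.ElementTree as ET

# Algorithms the article says to remove for CVE-2023-48795.
AFFECTED = {
    "chacha20-poly1305@openssh.com", "hmac-sha2-256-etm@openssh.com",
    "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com",
    "hmac-md5-etm@openssh.com",
}
# catalina.out label -> web.xml parameter name (both taken from the article).
PARAMS = {"ciphers": "SSHCipherSuite", "hashs": "SSHDigestSuite"}
LINE_RE = re.compile(r"SSHAlgorithmGroupMgr\.init - default (\w+):\s*(\S+)")

def suites_from_log(log_text):
    """Return {param-name: comma list} with the affected algorithms dropped."""
    out = {}
    for label, algs in LINE_RE.findall(log_text):
        if label in PARAMS:
            kept = [a for a in algs.split(",") if a and a not in AFFECTED]
            out[PARAMS[label]] = ",".join(kept)
    return out

def audit_web_xml(xml_text):
    """Return {param-name: [affected algorithms still configured]}.
    A parameter that is absent maps to None: the hard-coded defaults apply."""
    root = ET.fromstring(xml_text)
    findings = {name: None for name in PARAMS.values()}
    for cp in root.iter():
        # Strip any XML namespace so namespaced web.xml files are handled too.
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in cp}
        name = fields.get("param-name")
        if cp.tag.endswith("context-param") and name in findings:
            vals = [v.strip() for v in fields.get("param-value", "").split(",")]
            findings[name] = [v for v in vals if v in AFFECTED]
    return findings

# Constructed sample input: shortened catalina.out lines and a web.xml fragment.
SAMPLE_LOG = """\
SSHAlgorithmGroupMgr.init - default ciphers: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
SSHAlgorithmGroupMgr.init - default hashs: hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
"""
SAMPLE_XML = """<web-app><context-param><param-name>SSHCipherSuite</param-name>
<param-value>aes256-ctr, chacha20-poly1305@openssh.com</param-value></context-param></web-app>"""

if __name__ == "__main__":
    for name, value in suites_from_log(SAMPLE_LOG).items():
        print(f"<param-name>{name}</param-name>\n<param-value>{value}</param-value>")
    print(audit_web_xml(SAMPLE_XML))
```

In the audit result, an empty list means the parameter is set and clean, while None means the parameter is missing and the hard-coded defaults (which include the affected algorithms) would be used.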
 
 
Use the hard-coded ciphers and message digests supported by the Maverick and java code.  
If an SSH Algorithm Group is not defined and the web.xml SSHCipherSuite/SSHDigestSuite parameters are not defined, the default values displayed in the catalina.out will be used.  
We strongly suggest NOT using this method, since insecure algorithms will be supported.