CVE-2020-14145

CVE-2020-14145

Name

CVE-2020-14145

Description

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
Third Party Advisory	https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20200709-0004/
Mailing List	http://www.openwall.com/lists/oss-security/2020/12/02/1
Patch	https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
Third Party Advisory	https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py
Third Party Advisory	https://docs.ssh-mitm.at/CVE-2020-14145.html
GENTOO	https://security.gentoo.org/glsa/202105-35

Type

URI

Patch

https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1

Third Party Advisory

https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200709-0004/

Mailing List

http://www.openwall.com/lists/oss-security/2020/12/02/1

Patch

https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d

Third Party Advisory

https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py

Third Party Advisory

https://docs.ssh-mitm.at/CVE-2020-14145.html

GENTOO

https://security.gentoo.org/glsa/202105-35

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:openbsd:openssh::::::::`	openssh	>= 5.7	< 8.4
`cpe:2.3:a:openbsd:openssh:8.4:-::::::`	openssh	== None	== 8.4
`cpe:2.3:a:openbsd:openssh:8.5:-::::::`	openssh	== None	== 8.5
`cpe:2.3:a:openbsd:openssh:8.6:-::::::`	openssh	== None	== 8.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

openssh

>= 5.7

< 8.4

cpe:2.3:a:openbsd:openssh:8.4:-:*:*:*:*:*:*

openssh

== None

== 8.4

cpe:2.3:a:openbsd:openssh:8.5:-:*:*:*:*:*:*

openssh

== None

== 8.5

cpe:2.3:a:openbsd:openssh:8.6:-:*:*:*:*:*:*

openssh

== None

== 8.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
openssh	3.10-main	8.1_p1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
openssh	3.12-main	8.3_p1-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
openssh	3.11-main	8.1_p1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

openssh

3.10-main

8.1_p1-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

openssh

3.12-main