PyPI: ssh-audit

CVE-2002-20001

Safety vulnerability ID: 68096

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 11, 2021 Updated at Apr 23, 2024

Advisory

Ssh-audit version 3.2.0 adds a `--dheat` option that tests a target SSH server for the DHEat denial-of-service attack (CVE-2002-20001). Ssh-audit is the auditing tool here, not the affected software: the CVE covers Diffie-Hellman key exchange implementations that a client can drive into expensive server-side modular exponentiation by sending cheap, arbitrary values in place of a real public key, and this release lets auditors check whether a target is exposed to that.
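To make the cost asymmetry that `--dheat` probes concrete, the following is an added simulation of the server side of an SSH Diffie-Hellman exchange and of an attacker that never does its own share of the work. It is illustration only, not code from ssh-audit. Assumptions: `P` is a constructed odd 2048-bit modulus standing in for the RFC 3526 group14 prime (only its size matters for counting cost), `StartupLimiter` is a simplified model of a per-source cap on unauthenticated handshakes (the idea behind OpenSSH's `MaxStartups`), and the source address is a constructed placeholder.

```python
"""Cost-asymmetry model of the DHEat attack (CVE-2002-20001) on SSH DH KEX.

Added illustration; not code from ssh-audit.  P is a constructed odd
2048-bit modulus standing in for the RFC 3526 group14 prime (it is not
prime; only its size matters for counting modexp cost).  StartupLimiter is
a simplified model of a per-source handshake cap, not any server's real code.
"""
import secrets
from collections import Counter
from dataclasses import dataclass
from typing import Optional

MODULUS_BITS = 2048
P = (1 << (MODULUS_BITS - 1)) | (1 << 1023) | 0xF1   # constructed, not prime
G = 2


@dataclass
class Party:
    """A KEX participant that counts the modular exponentiations it performs."""
    name: str
    modexps: int = 0

    def modexp(self, base: int, exp: int) -> int:
        self.modexps += 1
        return pow(base, exp, P)


def server_kexdh_reply(server: Party, e: int) -> tuple:
    """Server side of SSH_MSG_KEXDH_INIT (RFC 4253): check e, pick y, and
    compute f = g^y mod p plus the shared secret K = e^y mod p.  The range
    check is mandatory but cheap; it does not stop DHEat, because any
    in-range value (even 2) still forces both exponentiations."""
    if not 1 < e < P - 1:
        raise ValueError("KEXDH_INIT: e out of range")
    y = secrets.randbelow(P - 2) + 1
    return server.modexp(G, y), server.modexp(e, y)


def honest_kex(client: Party, server: Party) -> bool:
    """Legitimate exchange: each side pays two modexps; True if K agrees."""
    x = secrets.randbelow(P - 2) + 1
    e = client.modexp(G, x)
    f, k_server = server_kexdh_reply(server, e)
    return client.modexp(f, x) == k_server


def dheat_kex(attacker: Party, server: Party) -> None:
    """DHEat client: sends a cheap in-range e, computes nothing itself, and
    abandons the connection once the server has spent its two modexps."""
    server_kexdh_reply(server, 2)


class StartupLimiter:
    """Simplified per-source cap on unauthenticated handshakes in progress."""

    def __init__(self, max_pending: int) -> None:
        self.max_pending = max_pending
        self.pending = Counter()

    def begin(self, src: str) -> bool:
        if self.pending[src] >= self.max_pending:
            return False          # dropped before any modexp is spent
        self.pending[src] += 1
        return True

    def end(self, src: str) -> None:
        self.pending[src] -= 1


def simulate_dheat(connections: int, limiter: Optional[StartupLimiter] = None,
                   src: str = "198.51.100.7") -> dict:
    """Open `connections` attacker handshakes from one (constructed) source and
    report the modexps each side spent.  The attacker never completes a
    handshake, so it never calls end(); that is what lets a pending cap bite."""
    attacker, server = Party("attacker"), Party("server")
    accepted = 0
    for _ in range(connections):
        if limiter is not None and not limiter.begin(src):
            continue
        dheat_kex(attacker, server)
        accepted += 1
    return {"accepted": accepted, "server_modexps": server.modexps,
            "attacker_modexps": attacker.modexps}


if __name__ == "__main__":
    c, s = Party("client"), Party("server")
    print("honest KEX agrees:", honest_kex(c, s),
          "client/server modexps:", c.modexps, s.modexps)
    print("DHEat x100, no cap :", simulate_dheat(100))
    print("DHEat x100, cap 10 :", simulate_dheat(100, StartupLimiter(10)))
```

The point of the model is the ratio in the returned counters: every attacker connection costs the server two large exponentiations and the attacker none, which is why the range check required by RFC 4253 is not a mitigation and why a cap on concurrent unauthenticated handshakes (or a rate limit in front of the server) is the usual response. Ssh-audit's `--dheat` option exercises the real protocol against a target; run it only against hosts you are authorised to load-test, since it produces the CPU exhaustion it measures.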

Affected package

ssh-audit

Latest version: 3.2.0

An SSH server & client configuration security auditing tool

Affected versions

Fixed versions

Vulnerability changelog

This release features a new `--dheat` option to test targets for the DHEat denial-of-service attack (see [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). Also included are changes to custom policies that allow targets to surpass the specified security level; this allows for the creation of baseline policies (partial credit [yannik1015](https://github.com/yannik1015) and [Damian Szuberski](https://github.com/szubersk)).

This version is also available as a PyPI package (`pip3 install ssh-audit`), Docker image (`docker pull positronsecurity/ssh-audit`), Snap package (`snap install ssh-audit`), or as a Windows executable (see below, though be aware that sometimes Windows Defender inappropriately detects it as malware!).

- Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)).
- Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. It now includes more rarely found ciphers.
- Fixed parsing of `ecdsa-sha2-nistp*` CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are.
- Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests.
- The built-in man page (`-m`, `--manual`) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build.
- Snap builds are now architecture-independent.
- Changed Docker base image from `python:3-slim` to `python:3-alpine`, resulting in a 59% reduction in image size; credit [Daniel Thamdrup](https://github.com/dallemon).
- Added built-in policies for Amazon Linux 2023, Debian 12, OpenSSH 9.7, and Rocky Linux 9.
- Built-in policies now include a change log (use `-L -v` to view them).
- Custom policies now support the `allow_algorithm_subset_and_reordering` directive to allow targets to pass with a subset and/or re-ordered list of host keys, kex, ciphers, and MACs. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [yannik1015](https://github.com/yannik1015).
- Custom policies now support the `allow_larger_keys` directive to allow targets to pass with larger host keys, CA keys, and Diffie-Hellman keys. This allows for the creation of a baseline policy where targets can optionally implement stricter controls; partial credit [Damian Szuberski](https://github.com/szubersk).
- Color output is disabled if the `NO_COLOR` environment variable is set (see https://no-color.org/).
- Added 1 new key exchange algorithm: `gss-nistp384-sha384-*`.
- Added 1 new cipher: `aes128-ocb@libassh.org`.


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
HIGH

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
PARTIAL