CVE-2024-39223
📋 TL;DR
This CVE describes an authentication bypass vulnerability in the SSH service of gost v2.11.5. The HostKeyCallback function is set to ssh.InsecureIgnoreHostKey, which accepts any server host key without verification, so an attacker positioned in the network path can intercept communications through a man-in-the-middle attack. Anyone using the vulnerable version of gost with SSH enabled is affected.
💻 Affected Systems
- gost
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of SSH communications, allowing attackers to intercept, modify, or inject data in transit, potentially leading to credential theft, data exfiltration, or lateral movement.
Likely Case
Man-in-the-middle attacks on SSH connections through gost, enabling interception of sensitive data and authentication credentials.
If Mitigated
Limited impact if proper network segmentation and monitoring are in place, though the vulnerability still exists.
🎯 Exploit Status
Exploit details are publicly available in GitHub gists and issues, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.11.6 or later
Vendor Advisory: https://github.com/ginuerzh/gost/issues/1034
Restart Required: Yes
Instructions:
1. Check current gost version.
2. Update to v2.11.6 or later via package manager or manual download.
3. Restart gost service.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Disable SSH Service
linux: Temporarily disable the SSH service in gost if not required.
systemctl stop gost-ssh
pkill -f 'gost.*ssh'
Use Alternative Proxy
all: Replace gost SSH functionality with a secure alternative like OpenSSH.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate gost instances from untrusted networks.
- Enable comprehensive logging and monitoring for unusual SSH connection patterns or authentication failures.
🔍 How to Verify
Check if Vulnerable:
Check if gost version is v2.11.5 and SSH service is enabled in configuration.
Check Version:
gost -v
Verify Fix Applied:
Verify gost version is v2.11.6 or later and review configuration to ensure HostKeyCallback is not set to ssh.InsecureIgnoreHostKey.
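One way to carry out that review on Go source you build or vendor, as an added example (not code from gost or from this advisory): a standard-library-only program that parses a file and reports the lines where HostKeyCallback is set to InsecureIgnoreHostKey(), ignoring mentions in comments and strings. FindInsecure, lastName and the sample source are names and input constructed for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// sampleSrc is constructed for this example; it is not gost's source.
const sampleSrc = `package demo
var weak = ssh.ClientConfig{HostKeyCallback: ssh.InsecureIgnoreHostKey()}
func pin(c *ssh.ClientConfig, k ssh.PublicKey) { c.HostKeyCallback = ssh.FixedHostKey(k) }
func unpin(c *ssh.ClientConfig) { c.HostKeyCallback = ssh.InsecureIgnoreHostKey() }
`

// lastName returns the final identifier of an expression such as x or pkg.x.
func lastName(e ast.Expr) string {
	s := types.ExprString(e)
	return s[strings.LastIndex(s, ".")+1:]
}

// FindInsecure returns the lines that set HostKeyCallback to InsecureIgnoreHostKey().
func FindInsecure(src string) (lines []int, err error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	ast.Inspect(f, func(n ast.Node) bool {
		var field, value ast.Expr
		switch v := n.(type) {
		case *ast.KeyValueExpr: // struct literal: HostKeyCallback: ...
			field, value = v.Key, v.Value
		case *ast.AssignStmt: // single assignment: cfg.HostKeyCallback = ...
			if len(v.Lhs) == 1 && len(v.Rhs) == 1 {
				field, value = v.Lhs[0], v.Rhs[0]
			}
		}
		if c, ok := value.(*ast.CallExpr); ok && lastName(field) == "HostKeyCallback" && lastName(c.Fun) == "InsecureIgnoreHostKey" {
			lines = append(lines, fset.Position(n.Pos()).Line)
		}
		return true
	})
	return lines, nil
}

func main() { fmt.Println(FindInsecure(sampleSrc)) }
```

The pinned configuration in the sample (ssh.FixedHostKey) is not reported; only the struct literal and the assignment that disable host key verification are.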
📡 Detection & Monitoring
Log Indicators:
- Unusual SSH connection attempts
- Authentication failures or bypasses in gost logs
- Changes to HostKeyCallback configuration
Network Indicators:
- Unexpected SSH traffic patterns
- Man-in-the-middle attack signatures on SSH ports
SIEM Query:
source="gost.log" AND ("ssh.InsecureIgnoreHostKey" OR "authentication bypass")
🔗 References
- https://gist.github.com/nyxfqq/a7242170b1118e78436a62dee4e09e8a
- https://github.com/ginuerzh/gost/blob/729d0e70005607dc7c69fc1de62fd8fe21f85355/ssh.go#L229
- https://github.com/ginuerzh/gost/issues/1034