Vanilla OS Static SSH Keys Vulnerability Allowing Man-in-the-Middle Attacks
Vulnerability
A vulnerability exists in Fabricators Ltd Vanilla OS 2 Core image versions prior to 1.1.0, which shipped with static SSH host keys. This flaw allows any unauthenticated user to conduct a man-in-the-middle (MITM) attack on a Vanilla OS host with SSH enabled by intercepting, and potentially altering, its SSH connections with other hosts.
Impact
Exploitation of this vulnerability could lead to unauthorized interception and manipulation of SSH connections, allowing an attacker to execute arbitrary commands on the affected server, all while remaining undetected by the user.
Reproduction
The vulnerability can be reproduced by deploying a Vanilla OS 2 Core image version prior to 1.1.0 that has the SSH service enabled. The static SSH host keys can be extracted from the image, and an attacker can then impersonate the server during the SSH handshake with another host, intercepting the connection.
Remediation
Users can upgrade to Vanilla OS Core image version 1.1.1 or later to address this vulnerability. For those using the desktop, nvidia, nvidia-exp, or vm versions of Vanilla OS, upgrading to version 1.1.3 is recommended.
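To find hosts in a fleet that present the same SSH host key, as machines deployed from an image with static keys would, the following added example (not part of the original advisory) groups `ssh-keyscan`-style output by OpenSSH SHA256 fingerprint. The addresses and key blobs are constructed sample data, not the keys from the affected image, and the function names are this example's own.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_scan(text: str):
    """Yield (host, blob) pairs from ssh-keyscan / known_hosts style lines."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        # "name,ip" aliases on one line describe one machine, so keep them whole.
        yield fields[0], fields[2]


def shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted hosts, for keys presented by more than one host."""
    seen = defaultdict(set)
    for host, blob in parse_scan(text):
        try:
            seen[fingerprint(blob)].add(host)
        except ValueError:  # binascii.Error subclasses ValueError
            continue  # malformed key field; ignore the line
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


def fake_ed25519(seed: bytes) -> str:
    """Constructed, non-functional ed25519 blob used only for the sample below."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([
    "# ssh-keyscan output (constructed, documentation addresses)",
    f"192.0.2.11 ssh-ed25519 {fake_ed25519(b'baked-into-image')}",
    f"192.0.2.12 ssh-ed25519 {fake_ed25519(b'baked-into-image')}",
    f"192.0.2.13 ssh-ed25519 {fake_ed25519(b'generated-at-first-boot')}",
    "192.0.2.14 ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    print(shared_host_keys(SAMPLE))
```

Any fingerprint reported for more than one host means those machines cannot be told apart by their host key and should have their keys regenerated after upgrading.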
