*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: scponly

Server: Ubuntu 9.10 - scponly shell for unix account
Client:  Ubuntu 9.10 - krusader

The client asks for a password, and when a good one is given it disconnects
(if bad, then retry).

On the server:
Nov 16 06:36:34 jumpi sshd[9342]: pam_sm_authenticate: Called
Nov 16 06:36:34 jumpi sshd[9342]: pam_sm_authenticate: username = [pliki]
Nov 16 06:36:34 jumpi sshd[9342]: Accepted password for pliki from 192.168.44.30 port 40413 ssh2
Nov 16 06:36:34 jumpi sshd[9342]: pam_unix(sshd:session): session opened for user pliki by (uid=0)
Nov 16 06:36:34 jumpi scponly[9403]: bad request: echo FISH:;exec /bin/sh -c "if env true 2>/dev/null; then env PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; else PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; fi" [username: pliki(5500), IP/port: 192.168.44.30 40413 5022]
Nov 16 06:36:34 jumpi sshd[9342]: pam_unix(sshd:session): session closed for user pliki

ii  scponly                         4.8-1


# cat /etc/passwd  | grep plik
pliki:x:5500:5500:,,,:/home/pliki:/usr/bin/scponly

ProblemType: Bug
Architecture: amd64
Date: Mon Nov 16 13:15:15 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: scponly 4.8-1
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: scponly
Uname: Linux 2.6.31-14-generic x86_64

** Affects: scponly (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug

-- 
Ubuntu 9.10 client and server - scponly blocks valid requests from krusader 
FISH client bad request: echo FISH:;exec /bin/sh
https://bugs.launchpad.net/bugs/483565
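
For anyone triaging the same log pattern, the following added example (not part of the original report and not scponly's own code) parses the scponly "bad request" line shown above and ties it back to the sshd login it belongs to by user, client IP and client port. The function name is hypothetical, and reading the third number in "IP/port" as the server-side port is an assumption.

```python
import re

# Log lines copied from the report above, with the e-mail line wraps joined.
SAMPLE_LOG = """\
Nov 16 06:36:34 jumpi sshd[9342]: Accepted password for pliki from 192.168.44.30 port 40413 ssh2
Nov 16 06:36:34 jumpi scponly[9403]: bad request: echo FISH:;exec /bin/sh -c "if env true 2>/dev/null; then env PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; else PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; fi" [username: pliki(5500), IP/port: 192.168.44.30 40413 5022]
Nov 16 06:36:34 jumpi sshd[9342]: pam_unix(sshd:session): session closed for user pliki
"""

ACCEPT_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)")
# The rejected command is free text and may itself contain brackets, so the
# pattern anchors on the fixed "[username: ...]" trailer at the end of the line.
REJECT_RE = re.compile(
    r"scponly\[\d+\]: bad request: (?P<cmd>.*) "
    r"\[username: (?P<user>[^(\s]+)\((?P<uid>\d+)\), "
    r"IP/port: (?P<ip>\S+) (?P<port>\d+) (?P<sport>\d+)\]$")

def rejected_requests(log_text):
    """Return one dict per scponly rejection, joined to its sshd login."""
    logins = {}      # (user, ip, client port) -> (sshd pid, auth method)
    findings = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            logins[(m["user"], m["ip"], m["port"])] = (m["pid"], m["method"])
            continue
        m = REJECT_RE.search(line)
        if not m:
            continue
        pid, method = logins.get((m["user"], m["ip"], m["port"]), (None, None))
        cmd = m["cmd"]
        findings.append({
            "user": m["user"], "uid": int(m["uid"]),
            "client": f'{m["ip"]}:{m["port"]}',
            "server_port": int(m["sport"]),   # assumed meaning of third field
            "sshd_pid": pid, "auth_method": method,
            "command": cmd,
            # The request named in the bug title: a FISH client opening line.
            "fish_handshake": cmd.startswith("echo FISH:"),
            "requests_shell": bool(re.search(r"\bexec\s+/bin/sh\b", cmd)),
        })
    return findings

if __name__ == "__main__":
    for finding in rejected_requests(SAMPLE_LOG):
        print(finding)
```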