[Bug 483565] [NEW] Ubuntu 9.10 client and server - scponly blocks valid requests from krusader FISH client bad request: echo FISH:; exec /bin/sh

LimCore user.ubuntu at limcore.com
Mon Nov 16 12:20:14 UTC 2009 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: scponly

Server: Ubuntu 9.10 - scponly shell for unix account
Client:  Ubuntu 9.10 - krusader

Client asks for password, and when good one is given it disconnects (if
bad then retry)

On the server:
Nov 16 06:36:34 jumpi sshd[9342]: pam_sm_authenticate: Called
Nov 16 06:36:34 jumpi sshd[9342]: pam_sm_authenticate: username = [pliki]
Nov 16 06:36:34 jumpi sshd[9342]: Accepted password for pliki from 192.168.44.30 port 40413 ssh2
Nov 16 06:36:34 jumpi sshd[9342]: pam_unix(sshd:session): session opened for user pliki by (uid=0)
Nov 16 06:36:34 jumpi scponly[9403]: bad request: echo FISH:;exec /bin/sh -c "if env true 2>/dev/null; then env PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; else PS1= PS2= TZ=UTC LANG=C LC_ALL=C LOCALE=C /bin/sh; fi" [username: pliki(5500), IP/port: 192.168.44.30 40413 5022]
Nov 16 06:36:34 jumpi sshd[9342]: pam_unix(sshd:session): session closed for user pliki

ii  scponly                         4.8-1


# cat /etc/passwd  | grep plik
pliki:x:5500:5500:,,,:/home/pliki:/usr/bin/scponly

ProblemType: Bug
Architecture: amd64
Date: Mon Nov 16 13:15:15 2009
DistroRelease: Ubuntu 9.10
NonfreeKernelModules: nvidia
Package: scponly 4.8-1
ProcEnviron:
 LANGUAGE=
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: scponly
Uname: Linux 2.6.31-14-generic x86_64

** Affects: scponly (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug

-- 
Ubuntu 9.10 client and server - scponly blocks valid requests from krusader FISH client bad request: echo FISH:;exec /bin/sh
https://bugs.launchpad.net/bugs/483565
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list