Package: lftp
Version: 4.6.0-1
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

From the src/SSH_Access.cc file:
47: const char *y="(yes/no)?";
73: if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len))
74: {
75:     pty_recv_buf->Put("yes\n");
76:     pty_send_buf->Put("yes\n");
77:     return m;
78: }

Not only does this make the particular SFTP transfer insecure (the host key is accepted
without any verification), but also any future connection to that host via any SSH
client, because the unverified key is permanently added to known_hosts.

After enabling debug (the "yes" answer is generated automatically):
#v+
$ lftp sftp://mszewczyk@localhost:22203
Password: 
lftp mszewczyk@localhost:~> debug
lftp mszewczyk@localhost:~> ls
---- Running connect program (ssh -a -x -s -l mszewczyk -p 22203 localhost sftp)
---> sending a packet, length=5, type=1(INIT), id=0
<--- The authenticity of host '[localhost]:22203 ([::1]:22203)' can't be established.
<--- RSA key fingerprint is 84:a2:ec:3d:98:1e:95:e6:e4:68:d9:a4:31:92:f7:8d.
<--- Are you sure you want to continue connecting (yes/no)? yes
<--- 
<--- Warning: Permanently added '[localhost]:22203' (RSA) to the list of known hosts.
#v-
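To make the defect concrete, here is an added example (not lftp's code) that models the quoted check in C++ and places a hardened variant beside it; the trust_new_host_keys setting and the Action enum are assumptions for illustration only.

```cpp
#include <cstring>
#include <string>
#include <strings.h>  // strncasecmp, the call used in the quoted lftp check

// Constructed model of the check quoted above (added example, not lftp's code).
// lftp compares the tail of the pty buffer, case-insensitively, against "(yes/no)?"
// and answers "yes" whenever it matches.
static const char *const kPrompt = "(yes/no)?";

// True when the pty output ends with ssh's host key confirmation prompt.
// Assumption for this model: a trailing space after "?" is ignored, since ssh
// prints the prompt as "... (yes/no)? " and waits on the same line.
bool ends_with_host_key_prompt(const std::string &pty_buf) {
    size_t s = pty_buf.size();
    while (s > 0 && pty_buf[s - 1] == ' ')
        s--;
    size_t y_len = std::strlen(kPrompt);
    return s >= y_len && strncasecmp(pty_buf.c_str() + s - y_len, kPrompt, y_len) == 0;
}

enum class Action { None, AutoAcceptYes, AbortUnknownHost };

// Vulnerable behaviour, as in the quoted snippet: every host key prompt is answered
// "yes", so an unknown (or substituted) key is accepted and written to known_hosts,
// where every later SSH client on the machine will trust it.
Action vulnerable_policy(const std::string &pty_buf) {
    return ends_with_host_key_prompt(pty_buf) ? Action::AutoAcceptYes : Action::None;
}

// Hardened behaviour (hypothetical setting trust_new_host_keys, default false):
// the prompt is only answered "yes" when the user explicitly opted in; otherwise the
// connection is aborted, leaving the fingerprint for the user to verify out of band
// (e.g. by connecting once with plain ssh) before lftp is allowed to proceed.
Action hardened_policy(const std::string &pty_buf, bool trust_new_host_keys) {
    if (!ends_with_host_key_prompt(pty_buf))
        return Action::None;
    return trust_new_host_keys ? Action::AutoAcceptYes : Action::AbortUnknownHost;
}
```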

--- System information. ---
Architecture: amd64
Kernel:       Linux 3.16.0-4-amd64

Debian Release: 8.0
  500 testing         security.debian.org 
  500 testing         ftp.pl.debian.org 
  500 stable          security.debian.org 
  500 stable          ftp.pl.debian.org 

--- Package information. ---
Depends                   (Version) | Installed
===================================-+-==============
libc6                     (>= 2.17) | 
libgcc1                (>= 1:4.1.1) | 
libgnutls-deb0-28     (>= 3.2.10-0) | 
libreadline6               (>= 6.0) | 
libstdc++6               (>= 4.1.1) | 
libtinfo5                           | 
zlib1g                 (>= 1:1.1.4) | 
netbase                             | 


Package's Recommends field is empty.

Package's Suggests field is empty.

-- 
Marcin Szewczyk                       http://wodny.org
mailto:marcin.szewc...@wodny.borg  <- remove b / usuń b
xmpp:wo...@ubuntu.pl                  xmpp:wo...@jabster.pl
