Your message dated Fri, 01 Mar 2019 12:50:22 +0000
with message-id <[email protected]>
and subject line Bug#923486: fixed in openssh 1:7.9p1-9
has caused the Debian Bug report #923486,
regarding CVE-2019-6111 not fixed, file transfer of unwanted files by malicious
SSH server still possible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923486: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923486
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openssh
Version: 1:7.9p1-7
Severity: important
Tags: security
Control: found -1 1:7.9p1-6
Control: found -1 1:7.4p1-10+deb9u5
Control: found -1 1:6.7p1-5+deb8u7
Hi,
while working on a fixed openssh version for Debian jessie LTS regarding
CVE-2019-6110
CVE-2019-6111
CVE-2018-20685
after several checks, code readings, double checking, I am pretty sure
that CVE-2019-6111 is still not yet fixed. Neither in Debian, nor
openssh upstream (though I haven't tested that, only from code
readings I assume that).
What I tested this with is this piece of Python code:
https://www.exploit-db.com/exploits/46193
In fact, the sshtranger_things.py script needs a little bit of
patching, to not throw unwanted exceptions:
```
--- sshtranger_things.py.orig 2019-02-28 21:48:41.868955825 +0100
+++ sshtranger_things.py 2019-02-28 20:47:01.456096511 +0100
@@ -85,7 +85,10 @@
return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED
def check_channel_exec_request(self, channel, command):
- command = command.decode('ascii')
+ try:
+ command = command.decode('ascii')
+ except:
+ pass
logging.info('Approving exec request: %s', command)
parts = command.split(' ')
# Make sure that this is a request to get a file:
```
Can someone please double-check this with a second pair of eyes? I
guess this needs to be communicated back to upstream. Can this be
handled by the security team and/or the package maintainers?
Thanks+Greets,
Mike
--
mike gabriel aka sunweaver (Debian Developer)
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net
pgpFwbPuS_Bd2.pgp
Description: Digitale PGP-Signatur
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.9p1-9
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Mar 2019 12:23:36 +0000
Source: openssh
Architecture: source
Version: 1:7.9p1-9
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 923486
Changes:
openssh (1:7.9p1-9) unstable; urgency=medium
.
* Apply upstream patch to make scp handle shell-style brace expansions
when checking that filenames sent by the server match what the client
requested (closes: #923486).
Checksums-Sha1:
741dc3e94df0acbbc62996ebc738c888d447d0ca 3161 openssh_7.9p1-9.dsc
7bcb465855526f695b25b6f3d00eb517284f88f6 172068 openssh_7.9p1-9.debian.tar.xz
a42c00e6d15c98e797a8b38b02b3ee0a1d23258c 15011 openssh_7.9p1-9_source.buildinfo
Checksums-Sha256:
32cfc26396623401cd92b06cad191c55ee8a41dba91ca012ec30412991f8233c 3161
openssh_7.9p1-9.dsc
11972b804f024f1d7559d4a3d6be0dba61c90c6072ce3d5977c22e55f834a17b 172068
openssh_7.9p1-9.debian.tar.xz
8078bcadae0993879047bd50640e837ffe32f4b017c6377bb6967a379d2a5ecb 15011
openssh_7.9p1-9_source.buildinfo
Files:
ca9c0934aeaa1f52ef984f2e77507643 3161 net standard openssh_7.9p1-9.dsc
f00ac1ae10dc47a06be2b04f2f95a6ec 172068 net standard
openssh_7.9p1-9.debian.tar.xz
8e378119ca1029e1d69feb242b2a689a 15011 net standard
openssh_7.9p1-9_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlx5JGUACgkQOTWH2X2G
UAs5SQ//Sat9RmhmY4dgDbb2F1r+bfrEJwS/COYjnrbD4U0gpCltFhe3cVe1hLgS
SsMGlgY8jqZVQZpv1ea89Ei5NxsSg9otkk7gC8cAn73kQY6k9CrUAd9ETt1B1XhS
MFcAnU1z/QQL9QYRwkqJ2bgXiZj/2FB5F3wVuOIJ/szGSpZAdjSWTz7tJnvFUWWY
mdb1bi5/nWVkJaiFd1mC1aLVMIFotWtChLkYMFOZ+vrYp0B3oRwst+ZkV5C0Oqmt
bnAZNzvqlWgQvNyaUrVoHW/P18F8wVme/MWzfdM+WVwW+xGWqWjY0K2EP6TBMHaJ
HUfgEM5mR7fUKaJxY4n7GU/0c/KbM0sm1+JA7VyCzngxX/jmnvRqHE0AiVtEEIP1
jM7ffX6wtZg+9i8V0gsEJP2XbbgPo2c1HXrN2IfJM2ji9sOqj12Il3uND55UYwpu
tvOJRBZvIZQUSHiKMp4FaxgrAs4LXOMxS9AfvYOfCTAVKy32DWKekmBd4EB+OGgg
2XA8ItIXKpGqUEZkQ8s5qfkJHB7yJzbDzrecbzfQ5SCl7XBTCVyEVeZ0zugh53Fm
P1qlIlAgcCqchyAdGVb88r+TBBH7cnAJV0Y+huk9qjuyeohFwxh+ptH8oCapYXGS
4M/+tFBEJ/Mkcfhn7epDpxSlruc0yyaGcdR1vnKptt1Co37bLL0=
=zH1J
-----END PGP SIGNATURE-----
--- End Message ---
