On 2022-09-18 01:41:38 +0200, Vincent Lefevre wrote:
> With svn 1.14.2 under Debian/unstable, I wanted to edit a log message
> with
> 
>   svn pe --revprop svn:log -r 151946
> 
> (not just a minor change, I was replacing text by a much longer text),
> but got an immediate error from SSH:

Note: after quitting the editor.

FYI, this means that Subversion is vulnerable to a remote attack.
Here are the details. The logs of my server show:

Sep 18 01:24:09 joooj sshd[141287]: error: kex_exchange_identification: Connection closed by remote host
Sep 18 01:24:09 joooj sshd[141287]: Connection closed by 197.5.145.64 port 58377
Sep 18 01:24:10 joooj sshd[615]: error: beginning MaxStartups throttling
Sep 18 01:24:10 joooj sshd[615]: drop connection #10 from [197.5.145.64]:58387 on [155.133.131.76]:22 past MaxStartups

This "beginning MaxStartups throttling" was due to 197.5.145.64 only,
but this means that all the other IP addresses that attempt to
connect are concerned. There is protection by fail2ban, but it works
by looking at the logs, meaning that it takes a few seconds to react:

2022-09-18 01:24:11,513 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,514 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,539 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,540 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,568 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,569 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,569 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,592 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,592 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,608 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,636 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,663 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,697 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,698 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,698 fail2ban.actions        [603]: NOTICE  [sshd] Ban 197.5.145.64
2022-09-18 01:24:11,742 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,963 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,966 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,966 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:13,972 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,972 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,973 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,974 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,975 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,975 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,978 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,979 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,981 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,982 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,983 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,984 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,985 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,986 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,987 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,988 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,989 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,990 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,991 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,992 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,993 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,994 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,995 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,996 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:13,997 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:13
2022-09-18 01:24:14,062 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:14

This is quite a short time, but was sufficient to make an SSH failure
on my side and lose data.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
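
A worked check for the behaviour described in this mail, added here as an example; it is not code from the mail, from Subversion, OpenSSH or fail2ban. It parses sshd and fail2ban log lines of the shape quoted above, counts which source addresses had connections dropped "past MaxStartups", and measures how long fail2ban took to ban the offender after sshd began throttling. The sample input is constructed: the two sshd lines about 197.5.145.64 and the fail2ban lines follow the mail, while the dropped connection from 203.0.113.7 (a documentation address) is invented to stand for an innocent client caught by the global throttle. The syslog year (2022) is supplied by the caller, since syslog timestamps carry none.

```python
"""Measure the gap between sshd's MaxStartups throttling and fail2ban's ban.

Added example, not from the original mail: given sshd log lines and
fail2ban log lines, report which source addresses were dropped "past
MaxStartups", which of them were never banned (collateral clients), and
how many seconds passed between the start of throttling and the ban.
"""
import re
from datetime import datetime

# Constructed sample input modelled on the lines quoted in the mail. The
# connection from 203.0.113.7 is invented: it shows a client that is not
# the offender but is still refused while the throttle is active.
SSHD_LOG = """\
Sep 18 01:24:09 joooj sshd[141287]: error: kex_exchange_identification: Connection closed by remote host
Sep 18 01:24:09 joooj sshd[141287]: Connection closed by 197.5.145.64 port 58377
Sep 18 01:24:10 joooj sshd[615]: error: beginning MaxStartups throttling
Sep 18 01:24:10 joooj sshd[615]: drop connection #10 from [197.5.145.64]:58387 on [155.133.131.76]:22 past MaxStartups
Sep 18 01:24:10 joooj sshd[615]: drop connection #11 from [203.0.113.7]:41022 on [155.133.131.76]:22 past MaxStartups
"""

FAIL2BAN_LOG = """\
2022-09-18 01:24:11,513 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,514 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
2022-09-18 01:24:11,698 fail2ban.actions        [603]: NOTICE  [sshd] Ban 197.5.145.64
2022-09-18 01:24:11,742 fail2ban.filter         [603]: INFO    [sshd] Found 197.5.145.64 - 2022-09-18 01:24:11
"""

# syslog line: "Mon DD HH:MM:SS host sshd[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# sshd's message when a connection is refused past MaxStartups
DROP_RE = re.compile(
    r"drop connection #(?P<n>\d+) from \[(?P<src>[^\]]+)\]:\d+ "
    r"on \[[^\]]+\]:\d+ past MaxStartups")
# fail2ban filter/actions lines for the sshd jail
F2B_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) fail2ban\.\w+\s+\[\d+\]: "
    r"\w+\s+\[sshd\] (?P<action>Found|Ban) (?P<ip>\S+)")


def parse_syslog_ts(ts: str, year: int) -> datetime:
    # syslog timestamps carry no year; the caller supplies it (assumption).
    return datetime.strptime(ts, "%b %d %H:%M:%S").replace(year=year)


def parse_sshd(text: str, year: int) -> dict:
    """Return the first throttling timestamp and dropped connections per source."""
    throttle_start = None
    drops = {}
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if throttle_start is None and "beginning MaxStartups throttling" in msg:
            throttle_start = parse_syslog_ts(m["ts"], year)
        d = DROP_RE.search(msg)
        if d:
            drops[d["src"]] = drops.get(d["src"], 0) + 1
    return {"throttle_start": throttle_start, "dropped_by_ip": drops}


def parse_fail2ban(text: str) -> dict:
    """Return the time and address of the first ban and the matches preceding it."""
    found_before_ban = 0
    for line in text.splitlines():
        m = F2B_RE.match(line)
        if not m:
            continue
        if m["action"] == "Found":
            found_before_ban += 1
        else:  # "Ban": fail2ban has reacted
            return {"ban_time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f"),
                    "banned_ip": m["ip"], "found_before_ban": found_before_ban}
    return {"ban_time": None, "banned_ip": None, "found_before_ban": found_before_ban}


def throttle_report(sshd_text: str, f2b_text: str, year: int = 2022) -> dict:
    """Correlate both logs: reaction delay and clients hit by the throttle."""
    sshd = parse_sshd(sshd_text, year)
    f2b = parse_fail2ban(f2b_text)
    delay = None
    if sshd["throttle_start"] is not None and f2b["ban_time"] is not None:
        delay = (f2b["ban_time"] - sshd["throttle_start"]).total_seconds()
    # addresses dropped by sshd that fail2ban never banned: innocent clients
    collateral = sorted(ip for ip in sshd["dropped_by_ip"] if ip != f2b["banned_ip"])
    return {"throttle_start": sshd["throttle_start"],
            "dropped_by_ip": sshd["dropped_by_ip"],
            "banned_ip": f2b["banned_ip"],
            "found_before_ban": f2b["found_before_ban"],
            "ban_delay_s": delay,
            "collateral_ips": collateral}


if __name__ == "__main__":
    for key, value in throttle_report(SSHD_LOG, FAIL2BAN_LOG).items():
        print(f"{key}: {value}")
```

On the quoted logs the delay comes out at about 1.7 s (throttling at 01:24:10, ban at 01:24:11,698), and the report lists 203.0.113.7 as a client refused through no fault of its own, which is the window in which the svn commit's SSH connection was lost. A log-driven ban can only shrink that window, not close it; OpenSSH 8.5 and later also offer the PerSourceMaxStartups option in sshd_config, which caps the number of unauthenticated connections a single source address may hold so that one host cannot fill the global MaxStartups pool on its own.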
