
Bug#81349: marked as done (sshd2 should not use unprivileged port 2222)



Your message dated Sun, 29 Dec 2002 11:55:46 +0100
with message-id <E18Sb6g-0003mi-00@kalypso>
and subject line Your ssh2 bug
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Jan 2001 00:36:13 +0000
>From nrubin@stanford.edu Fri Jan 05 18:36:12 2001
Return-path: <nrubin@stanford.edu>
Received: from smtp.stanford.edu [171.64.14.23] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 14EhLA-0003T3-00; Fri, 05 Jan 2001 18:36:12 -0600
Received: from stanford.edu (DNab42a599.Stanford.EDU [171.66.165.153])
	by smtp.Stanford.EDU (8.11.1/8.11.1) with ESMTP id f060aAn10350;
	Fri, 5 Jan 2001 16:36:10 -0800 (PST)
Sender: nrubin@Stanford.EDU
Message-ID: <3A566879.3FED9172@stanford.edu>
Date: Fri, 05 Jan 2001 16:36:09 -0800
From: "Neil A. Rubin" <nrubin@stanford.edu>
Organization: Stanford University
X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.4.0-test12 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: submit@bugs.debian.org
CC: nrubin@stanford.edu
Subject: sshd2 should not use unprivileged port 2222
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Delivered-To: submit@bugs.debian.org

Package: ssh2
Version: 2.0.13-5.1

I believe that the default port (2222) for sshd2 in this package opens
a potential security risk and that a privileged port (<1024 I believe)
should be used instead.  If the daemon running on the current port
should die for some reason, any normal user could start a fake/trojan
sshd2 on that port.

If the client is properly using host authentication, this would be
detected and no harm would be done. However, as was recently pointed out
(see http://slashdot.org/article.pl?sid=00/12/25/1633254 for example)
ssh clients make it very easy for users to ignore host authentication.  In
this case, the attacker would be able to grab the user's login password
and anything else the user typed, including root passwords, for example.

If sshd2 ran on a low port by default, the attacker would need to already
have root access to accomplish the same thing.  The privileged port
mechanism is no panacea, and we still have Man-in-the-Middle attacks, etc.
to worry about.  Still, I believe that making this change will close off
a potential avenue of attack.

						Neil Rubin

---------------------------------------
Received: (at 81349-done) by bugs.debian.org; 29 Dec 2002 10:55:48 +0000
>From bas@caradhras.net Sun Dec 29 04:55:47 2002
Return-path: <bas@caradhras.net>
Received: from smtpzilla2.xs4all.nl [194.109.127.138] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 18Sb6h-0002Oz-00; Sun, 29 Dec 2002 04:55:47 -0600
Received: from kalypso (ramstraat29.xs4all.nl [80.126.10.231])
	by smtpzilla2.xs4all.nl (8.12.0/8.12.0) with ESMTP id gBTAtkZR082386
	for <81349-done@bugs.debian.org>; Sun, 29 Dec 2002 11:55:46 +0100 (CET)
Received: from bas by kalypso with local (Exim 3.36 #1 (Debian))
	id 18Sb6g-0003mi-00
	for <81349-done@bugs.debian.org>; Sun, 29 Dec 2002 11:55:46 +0100
From: Bas Zoetekouw <bas@debian.org>
To: 81349-done@bugs.debian.org
Subject: Your ssh2 bug
Message-Id: <E18Sb6g-0003mi-00@kalypso>
Sender: Bas Zoetekouw <bas@caradhras.net>
Date: Sun, 29 Dec 2002 11:55:46 +0100
Delivered-To: 81349-done@bugs.debian.org
X-Spam-Status: No, hits=-0.7 required=5.0
	tests=SPAM_PHRASE_02_03
	version=2.41
X-Spam-Level: 

Hi!

Ssh2 was removed from the Debian archive this morning.  Its
replacement, openssh (ssh package), does not seem to be affected
by this bug; therefore, I'm closing it.

Kind regards,
Bas Zoetekouw.


