Bug#1064898: /usr/bin/sshd: mktemp - literal X-s in /tmp directory names
Package: openssh-server
Version: 1:9.2p1-2+deb12u2
Severity: normal
File: /usr/sbin/sshd
Tags: upstream, security
X-Debbugs-Cc: cstamas+debian@cstamas.hu
Dear Maintainer,
* What led up to the situation?
After upgrading to Debian 12 I am seeing directories in /tmp like:
ssh-XXXXXXnOKqkt, ssh-XXXXXXtGmfLV
* What was the outcome of this action?
* What outcome did you expect instead?
These directories are created by sshd.
In oldstable and OpenBSD the directories are as expected:
ssh-LwxtSMoGSV, ssh-JPcQMaBN6s
The regression might be only in openssh-portable?
As there are still 6 variable characters, this might not be easily exploitable
security-wise, and it used to be 10, just as in OpenBSD current.
Regardless, surely this is not the intended result.
Regards,
Tamás
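An added check, not code from the bug report or from OpenSSH, illustrating the mechanism consistent with the reported names: glibc's mkdtemp(3) replaces only the trailing six X characters of its template, whereas OpenBSD's replaces every trailing X, so a ten-X template (inferred from "ssh-XXXXXX" plus six random characters) keeps four literal X's on Debian. The program measures how many X positions never change across several calls, which is the figure to audit rather than the template length; it assumes a writable /tmp.

```c
/* Added example, not from the bug report or OpenSSH.
 * Measures how many 'X' positions of an mkdtemp(3) template this libc
 * leaves literal: a position that stays 'X' across every call is fixed
 * and contributes no randomness to the directory name. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Create and remove `runs` directories from parent/pattern and return how
 * many X positions of pattern remained 'X' in every result, or -1 on error.
 * A random character is 'X' with probability roughly 1/62 per call, so
 * with 8 runs a genuinely randomized position is not miscounted. */
int fixed_x_positions(const char *parent, const char *pattern, int runs)
{
    char template[256], path[256];
    int still_x[256];
    if (snprintf(template, sizeof template, "%s/%s", parent, pattern)
            >= (int)sizeof template)
        return -1;
    size_t start = strlen(parent) + 1, len = strlen(template);
    for (size_t i = start; i < len; i++)
        still_x[i] = (template[i] == 'X');
    for (int r = 0; r < runs; r++) {
        memcpy(path, template, len + 1);
        if (mkdtemp(path) == NULL)
            return -1;          /* e.g. EINVAL: fewer than six trailing X's */
        for (size_t i = start; i < len; i++)
            if (path[i] != 'X')
                still_x[i] = 0; /* this position was randomized */
        rmdir(path);
    }
    int fixed = 0;
    for (size_t i = start; i < len; i++)
        fixed += still_x[i];
    return fixed;
}

int main(void)
{
    /* Ten-X template, as inferred from the names in the report. */
    int fixed = fixed_x_positions("/tmp", "ssh-XXXXXXXXXX", 8);
    if (fixed < 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("%d of 10 X's literal, %d random characters\n", fixed, 10 - fixed);
    return 0;
}
```

On a glibc system the ten-X template reports four literal X's; a six-X template is fully randomized on every libc, which is the quick way to confirm the measurement itself is sound.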
-- System Information:
Debian Release: 12.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-client depends on:
ii adduser 3.134
ii libc6 2.36-9+deb12u4
ii libedit2 3.1-20221030-2
ii libfido2-1 1.12.0-2+b1
ii libgssapi-krb5-2 1.20.1-2+deb12u1
ii libselinux1 3.4-1+b6
ii libssl3 3.0.11-1~deb12u2
ii passwd 1:4.13+dfsg1-1+b1
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages openssh-client recommends:
ii xauth 1:1.1.2-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information