Your message dated Sun, 23 Jul 2023 15:03:20 +0800
with message-id <[email protected]>
and subject line Re: ncat discards reply from target server attached to socks
CONNECT response
has caused the Debian Bug report #969314,
regarding ncat discards reply from target server attached to socks CONNECT
response
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
969314: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ncat
Version: 7.80+dfsg1-5
Severity: normal
Dear Maintainer,
When using ncat to connect a target server via an intermediate SOCKS server
(either 4 or 5), If the initial replies from the target server (e.g. the
banner
line sent by an ssh server) is occasionally attached after the response
packet
of SOCKS CONNECT (it should be legal and may be done by many SOCKS server
implementations, since TCP on which SOCKS is based is stream oriented),
ncat is
unable to return these replies. Only the initial replies from the target
server
sent as a separate packet after the response of SOCKS CONNECT by the SOCKS
proxy can be correctly returned.
This bug breaks the SSH protocol when ncat is used in the ProxyCommand
option
of OpenSSH to use a SOCKS proxy, because server's banner line may get lost.
Other netcat implementations like netcat-openbsd can handle replies
attached to
the response packet of SOCKS CONNECT and work fine with OpenSSH.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages ncat depends on:
ii libc6 2.31-3
ii liblua5.3-0 5.3.3-1.1+b1
ii libpcap0.8 1.9.1-4
ii libssl1.1 1.1.1g-1
ncat recommends no packages.
ncat suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: nmap
Source-Version: 7.94+dfsg1-1
Done: Samuel Henrique <[email protected]>
On Mon, 31 Aug 2020 17:20:59 +0800 Mad Horse wrote:
> When using ncat to connect a target server via an intermediate SOCKS server
> (either 4 or 5), If the initial replies from the target server (e.g. the
> banner line sent by an ssh server) is occasionally attached after the response
> packet of SOCKS CONNECT (it should be legal and may be done by many SOCKS
> server
> implementations, since TCP on which SOCKS is based is stream oriented),
> ncat is unable to return these replies. Only the initial replies from the
> target
> server sent as a separate packet after the response of SOCKS CONNECT by the
> SOCKS
> proxy can be correctly returned.
>
> This bug breaks the SSH protocol when ncat is used in the ProxyCommand
> option of OpenSSH to use a SOCKS proxy, because server's banner line may get
> lost.
> Other netcat implementations like netcat-openbsd can handle replies attached
> to
> the response packet of SOCKS CONNECT and work fine with OpenSSH.
This was fixed in Debian unstable ncat 7.94+dfsg1-1 by upstream:
https://sources.debian.org/src/nmap/7.94%2Bdfsg1-2/CHANGELOG/#L84
o [Ncat] Addressed an issue from the Debian bug tracker
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969314) regarding data
received immediately after a SOCKS CONNECT response. Ncat can now be
correctly used in the ProxyCommand option of OpenSSH.
--
bye,
pabs
https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part
--- End Message ---
