*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: openssh-blacklist

The "ssh-vulnkey" program doesn't correctly parse "authorized_keys"
files, resulting in missing compromised keys. This bug manifests itself
when the option field has parameters containing spaces. Some options,
most importantly "command", can contain spaces in quoted strings.

Here is an example showing two lines of an "authorized_keys" file
with the same compromised key:

command="hg-ssh ~/repos/ddb",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA...
no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA...

Only the second line is reported as compromised.

The option field is frequently used to (fine) control access to sshd
hosts, so this bug seriously undermines the usefulness of "ssh-vulnkey".

      Peter

** Affects: openssh-blacklist (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
bug in ssh-vulnkey - ref USN-612-2
https://bugs.launchpad.net/bugs/230344
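
The parsing problem described in the report, as an added example (not part of the original report and not ssh-vulnkey's code): a whitespace split loses the key when an option value contains a space, while a quote-aware scan of the option field finds it on both lines. The function names, the constructed key blob and the direct blob comparison (a real blacklist matches key fingerprints) are assumptions made for the illustration.

```python
KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # assumption: key types of interest for this example

def naive_key_field(line):
    """Whitespace split: only works when the option field contains no spaces."""
    fields = line.split()
    for i in (0, 1):  # key type is field 0, or field 1 after a space-free option field
        if len(fields) > i + 1 and fields[i] in KEY_TYPES:
            return fields[i], fields[i + 1]
    return None

def skip_options(line):
    """Index just past the option field, honouring "..." and \\" escapes inside quotes."""
    i, in_quote = 0, False
    while i < len(line):
        if in_quote and line.startswith('\\"', i):
            i += 2  # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            break  # first unquoted whitespace ends the option field
        i += 1
    if in_quote:
        raise ValueError("unterminated quote in option field")
    return i

def key_field(line):
    """Return (key_type, base64_blob) from one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0] not in KEY_TYPES:
        line = line[skip_options(line):].lstrip()  # drop the leading option field
    fields = line.split()
    if len(fields) >= 2 and fields[0] in KEY_TYPES:
        return fields[0], fields[1]
    return None

def flagged(lines, parser, bad_blobs):
    """1-based numbers of lines whose key blob is in bad_blobs (simplified check)."""
    hits = [(n, parser(l)) for n, l in enumerate(lines, 1)]
    return [n for n, key in hits if key and key[1] in bad_blobs]

# Constructed sample data: the option fields come from the report, the blob is made up.
BLOB = "AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedExampleKeyBlob"
OPTS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding"
LINES = ['command="hg-ssh ~/repos/ddb",' + OPTS + " ssh-rsa " + BLOB,
         OPTS + " ssh-rsa " + BLOB]

if __name__ == "__main__":
    print("naive split flags lines:", flagged(LINES, naive_key_field, {BLOB}))
    print("quote-aware flags lines:", flagged(LINES, key_field, {BLOB}))
```

A line with an unterminated quote raises ValueError here, so a malformed entry stops the audit rather than being skipped silently.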