bug in ssh-vulnkey - ref USN-612-2
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssh-blacklist (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: openssh-blacklist
The "ssh-vulnkey" program doesn't correctly parse "authorized_keys"
files resulting in missing compromised keys. This bug manifests itself
when the option field has parameters containing space. Some options,
most importantly "command", can contain space in quoted strings.
Here is an example showing two lines of an "authorized_keys" file
with the same compromised key:
command="hg-ssh ~/repos/
no-port-
Only the second line reported as compromised.
The option field is frequently used to (fine) control access to sshd
hosts, so this bug seriously undermines the usefulness of "ssh-vulnkey".
Peter
| Peter Dobcsanyi (peter-d) wrote Re: [Bug 230344] Re: bug in ssh-vulnkey - ref USN-612-2 | #1 |
| Matt Zimmerman (mdz) wrote | #2 |
On Wed, May 14, 2008 at 04:03:01PM -0000, Kees Cook wrote:
> *** This bug is a duplicate of bug 230029 ***
> https:/
>
> ** This bug has been marked a duplicate of bug 230029
> ssh-vulnkey overlooks keys which have options in authorized_keys
Great, I am happy that it has also been fixed.
However, this the second time that this "duplication" happened to me and
I DID check before posting whether there was anything already reported
about the problem. I used launchpad search facility to find related
reports and nothing came up. Now I am wondering why, is there a delay,
am I doing something wrong?
Peter