Ubuntu One for Rhythmbox

Plugin connects to suss IP over http

Bug #684600 reported by Alex Cochrane on 2010-12-03

10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu One for Rhythmbox	New	Undecided	Unassigned

Bug Description

Ubuntu 10.10
kernel 2.6.35-23-generic
rhythmbox 0.13.1-0ubuntu6
rhythmbox-ubuntuone-music-store 0.1.9-0ubuntu1

When the Ubuntu one plugin for rhythmbox is enabled it connects to 119.31.248.194 over http. When the plugin is disabled it does not. The IP hosts a password submission form with no other information. It is a Korean IP which seems to be hosted in Singapore. :sadface

See original description

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-03:

#1

lsof dump Edit (30.3 KiB, text/plain)

security vulnerability:	yes → no
visibility:	private → public

Revision history for this message

Chow Loong Jin (hyperair) wrote on 2010-12-03:

#2

Could you get a tcpdump/wireshark capture on this IP address? Something like:
sudo tcpdump -s0 -wblah.pcap host 119.31.248.194

Changed in rhythmbox-ubuntuone-music-store:
status:	New → Incomplete

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-03:

#3

dump.pcap Edit (9.2 KiB, application/cap)

Attached

Revision history for this message

Roman Yepishev (rye) wrote on 2010-12-03:

#4

Hello,

Could you please run the following:

sudo netstat -lntp | grep 119.31.248.194

That should give us the name of the application that contacts that host. Ubuntu One music store uses only SSL connections to 7digital servers and Canonical DC so this plaintext transmission is very suspicious.

Revision history for this message

Roman Yepishev (rye) wrote on 2010-12-03:

#5

Sorry, that should have been

sudo netstat -ntp | grep 119.31.248.194

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-03:

#6

Roman I don't have access to the computer this moment but the outcome of netstat -tac --program showed rhythmbox as the running program

description:

updated

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-06:

#7

netstat.log Edit (582 bytes, text/plain)

Netstat attached FWIW

Also might be worth noting that the digital connection is over http not https (I was told the only connections rhythmbox made were over https to 7digital and ubuntu one)

tcp 0 1043 192.168.1.10:44457 84.45.95.231:80 ESTABLISHED 2491/rhythmbox

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-06:

#8

s/digital/7digital

Alex Cochrane (alexcochrane) on 2010-12-06

Changed in rhythmbox-ubuntuone-music-store:
status:	Incomplete → New

Revision history for this message

Alex Cochrane (alexcochrane) wrote on 2010-12-15:

#9

Any news on this? Can anyone replicate it? I can replicate this across a number of boxen here.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.