Ubuntu
bind9 package

nslookup - hit enter with no args or options, prompt advances one line and shows a > operator; then hit ctrl c and normal prompt returns, but now all entries typed at prompt are invisible as though entering a sudo password; commands still execute.

Bug #2064353 reported by Spencer D. Gauvin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Bug involving nslookup behaves as follows:

user@machineName:~$ nslookup # Command is entered with no args/options.
> # Redirection operator attempting to prompt user for args/options appears.
                             # If user enters ctrl+c at this point a normal prompt is returned;
user@machineName:~$ # but any commands entered are not visible to the user.
                             # Commands, while not visible, are still executed.
                             # Issue persists until terminal session is closed/reset.

I expected that entering ctrl+c would return a prompt that would function normally - i.e., commands entered would be visible to the user.

This bug could afford a malicious actor already in a target machine the ability to execute commands and engage in privilege escalation.

System Details:

Ubuntu 22.04.4 LTS - Running on a virtual machine (VirtualBox); though I have encountered this bug on an Acer Chromebook that has been repurposed to Run Ubuntu 22.04.4 LTS. I have not encountered this issue on other Debian-based systems of mine.

"apt-cache policy bind9-dnsutils" reports the following:

         bind9-dnsutils:
         Installed: 1:9.18.18-0ubuntu0.22.04.2
         Candidate: 1:9.18.18-0ubuntu0.22.04.2
         Version table:
         *** 1:9.18.18-0ubuntu0.22.04.2 500
         500 http://us.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
         500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
         100 /var/lib/dpkg/status
         1:9.18.1-1ubuntu1 500
         500 http://us.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: dnsutils (not installed)
ProcVersionSignature: Ubuntu 6.5.0-25.25~22.04.1-generic 6.5.13
Uname: Linux 6.5.0-25-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckMismatches: ./boot/grub/grub.cfg
CasperMD5CheckResult: fail
CurrentDesktop: ubuntu:GNOME
Date: Tue Apr 30 16:07:15 2024
InstallationDate: Installed on 2024-03-08 (53 days ago)
InstallationMedia: Ubuntu 22.04.4 LTS "Jammy Jellyfish" - Release amd64 (20240220)
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: bind9
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Spencer D. Gauvin (spazgerrold) wrote :
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Spencer, thanks for the report. This is pretty common with programs that provide a more "interactive" experience. There's two tools that can help recover from this, reset(1) and stty(1). When this happens, run:

reset
or
stty sane

Both should fix this specific case. But sometimes one or the other one is required to fix your terminal, so it's helpful to know both of them.

Thanks

information type: Private Security → Public
Changed in bind9 (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.