ssh-vulnkey overlooks keys which have options in authorized_keys
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | openssh (Ubuntu) |
High
|
Unassigned | ||
| | Feisty |
Undecided
|
Jamie Strandboge | ||
| | Gutsy |
Undecided
|
Jamie Strandboge | ||
| | Hardy |
Undecided
|
Jamie Strandboge | ||
Bug Description
ssh-vulnkey failed to alert on this key:
command="dovecot -c ~/mail/dovecot.conf --exec-mail imap",no-
though it is a weak one. Removing the options enabled it to correctly detect the key.
| Colin Watson (cjwatson) wrote : | #1 |
| Colin Watson (cjwatson) wrote : | #2 |
I plan to upload the attached diff to Debian unstable and Intrepid. It should be suitable for a further security update as well.
| Launchpad Janitor (janitor) wrote : | #3 |
This bug was fixed in the package openssh - 1:4.7p1-10ubuntu1
---------------
openssh (1:4.7p1-10ubuntu1) intrepid; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
openssh (1:4.7p1-10) unstable; urgency=low
* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
# as introducing a comment even if it is preceded by whitespace.
-- Colin Watson <email address hidden> Wed, 14 May 2008 13:25:45 +0100
| Changed in openssh: | |
| status: | Fix Released → Fix Committed |
| assignee: | nobody → jdstrand |
| status: | New → Fix Committed |
| Changed in openssh: | |
| status: | Fix Committed → Fix Released |
| Changed in openssh: | |
| assignee: | nobody → jdstrand |
| status: | New → Fix Committed |
| assignee: | nobody → jdstrand |
| status: | New → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package openssh - 1:4.7p1-8ubuntu1.2
---------------
openssh (1:4.7p1-
* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
# as introducing a comment even if it is preceded by whitespace (thanks
Colin Watson)
-- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:32:08 -0400
| Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package openssh - 1:4.6p1-5ubuntu0.5
---------------
openssh (1:4.6p1-
* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
# as introducing a comment even if it is preceded by whitespace (thanks
Colin Watson)
-- Jamie Strandboge <email address hidden> Wed, 14 May 2008 09:30:52 -0400
| Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package openssh - 1:4.3p2-8ubuntu1.4
---------------
openssh (1:4.3p2-
* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
# as introducing a comment even if it is preceded by whitespace (thanks
Colin Watson).
-- Jamie Strandboge <email address hidden> Wed, 14 May 2008 08:29:25 -0400
Confirmed, we don't handle key options. (Ugh.)