https://bugzilla.mindrot.org/show_bug.cgi?id=3196
Bug ID: 3196
Summary: [Information Disclosure] OpenSSH_7.4p1
Raspbian-10+deb9u7 discloses OS version
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Other
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs@mindrot.org
Reporter: 5990@protonmail.com
Created attachment 3432
--> https://bugzilla.mindrot.org/attachment.cgi?id=3432&action=edit
CrackMapExec accidentally reports OS version using the paramiko library
The Raspbian-10+deb9u7 release of OpenSSH_7.4p1 sends over the
"Raspbian-10+deb9u7" text when communicating SSHD version to a client.
This is considered an Information Disclosure error, because SSHD
shouldn't disclose OS Version information to clients.
REPLICATE: Run CrackMapExec against OpenSSH_7.4p1 Raspbian-10+deb9u7
with a command like the following:
./cme --verbose ssh -u pi --port 2322 192.168.0.10
CrackMapExec(github.com/byt3bl33d3r/CrackMapExec) uses the paramiko
library(github.com/paramiko/paramiko) to dectect SSH version.
If you traceback the output of CME, you'll find that it's just paramiko
"reading a line from the socket" and parsing it to get the version
information.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3196
Summary: [Information Disclosure] OpenSSH_7.4p1
Raspbian-10+deb9u7 discloses OS version
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Other
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs@mindrot.org
Reporter: 5990@protonmail.com
Created attachment 3432
--> https://bugzilla.mindrot.org/attachment.cgi?id=3432&action=edit
CrackMapExec accidentally reports OS version using the paramiko library
The Raspbian-10+deb9u7 release of OpenSSH_7.4p1 sends over the
"Raspbian-10+deb9u7" text when communicating SSHD version to a client.
This is considered an Information Disclosure error, because SSHD
shouldn't disclose OS Version information to clients.
REPLICATE: Run CrackMapExec against OpenSSH_7.4p1 Raspbian-10+deb9u7
with a command like the following:
./cme --verbose ssh -u pi --port 2322 192.168.0.10
CrackMapExec(github.com/byt3bl33d3r/CrackMapExec) uses the paramiko
library(github.com/paramiko/paramiko) to dectect SSH version.
If you traceback the output of CME, you'll find that it's just paramiko
"reading a line from the socket" and parsing it to get the version
information.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs