| Summary: | openssh remote port binding weakness | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | norbert kamenicky <noro> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | VERIFIED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | 2005.1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
*** This bug has been marked as a duplicate of 133112 *** . |
I wanted to give http access to my VoIP phone to users on remote LAN ... MyPhone --- MyFirewall ===== internet ====== RemoteFirewall --- LAN \___________________________________________________/ tunel I run this as noro@MyFirewall: ssh -R RemoteFirewallLanIP:12345:MyPhone:80 RemoteFirewall Now I check what's happened on RemoteFirewall: netstat -ln | grep 12345 and received this output: tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN ^^^^^^^^^^ but expected this: tcp 0 RemoteFirewallLanIP:12345 0.0.0.0:* LISTEN ^^^^^^^^^^ i.e. it look's like I run the command: ssh -R \*:12345:MyPhone:80 RemoteFirewall which is a bug Notes: - on both ends is kernel 2.6.16-gentoo-r6 and openssh-4.3_p2-r1 - if I allow input to port 12345 on public interface on Remote firewall, it's really possible to connect to the phone !!! - if GatewayPorts option is disabled (default), port binds only to localhost, which is correct