Bug 133116 - openssh remote port binding weakness
Summary: openssh remote port binding weakness
Status: VERIFIED DUPLICATE of bug 133112
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Linux bug wranglers
Reported: 2006-05-12 06:26 UTC by norbert kamenicky
Modified: 2006-05-12 06:28 UTC

Description norbert kamenicky 2006-05-12 06:26:49 UTC
I wanted to give http access to my VoIP phone to users on remote LAN ...


  MyPhone --- MyFirewall ===== internet ====== RemoteFirewall --- LAN
        \___________________________________________________/
                          tunnel

I run this as noro@MyFirewall:

  ssh -R RemoteFirewallLanIP:12345:MyPhone:80  RemoteFirewall

Now I check what's happened on RemoteFirewall:

  netstat -ln | grep 12345

and received this output:

  tcp  0   0 0.0.0.0:12345     0.0.0.0:*       LISTEN
          ^^^^^^^^^^
but expected this:

  tcp  0   RemoteFirewallLanIP:12345     0.0.0.0:*       LISTEN
            ^^^^^^^^^^
i.e. it looks like I run the command:

 ssh -R \*:12345:MyPhone:80   RemoteFirewall

which is a bug


Notes:
- on both ends is kernel 2.6.16-gentoo-r6 and openssh-4.3_p2-r1
- if I allow input to port 12345 on public interface on Remote firewall, it's
  really possible to connect to the phone !!!
- if GatewayPorts option is disabled (default), port binds only to localhost,
  which is correct
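
A check for the symptom described above, added here as an example and not part of the original report: it classifies the listener that `netstat -ln` shows for a forwarded port as wildcard, loopback or a single address, and also covers IPv6 listeners, which the report does not show. The function names and the address 192.0.2.10 standing in for RemoteFirewallLanIP are constructed for the example.

```shell
#!/bin/sh
# Added example: classify how a forwarded TCP port is bound on the SSH server,
# from `netstat -ln` output read on stdin.

# classify_bind PORT
# Prints one word per TCP listener on PORT:
#   wildcard       0.0.0.0 or :: (every interface)
#   loopback       127.0.0.0/8 or ::1
#   specific:ADDR  one address only
classify_bind() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last colon separates the port
            if (!n) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            if (addr == "0.0.0.0" || addr == "::") print "wildcard"
            else if (addr ~ /^127\./ || addr == "::1") print "loopback"
            else print "specific:" addr
        }'
}

# forward_matches EXPECTED PORT
# Returns 0 if every listener on PORT is bound as EXPECTED, 1 if any listener
# differs, 2 if nothing is listening on PORT at all.
forward_matches() {
    found=$(classify_bind "$2")
    [ -n "$found" ] || return 2
    for f in $found; do
        [ "$f" = "$1" ] || return 1
    done
    return 0
}

# Constructed sample lines: the first is the output quoted in the report, the
# second uses 192.0.2.10 (an assumption) in place of RemoteFirewallLanIP.
SAMPLE_OBSERVED='tcp  0   0 0.0.0.0:12345     0.0.0.0:*       LISTEN'
SAMPLE_EXPECTED='tcp  0   0 192.0.2.10:12345  0.0.0.0:*       LISTEN'
SAMPLE_V6='tcp6 0   0 :::12345          :::*            LISTEN'

for sample in "$SAMPLE_OBSERVED" "$SAMPLE_EXPECTED" "$SAMPLE_V6"; do
    printf '%s\n' "$sample" | classify_bind 12345
done
```

On the server side, sshd_config(5) gives GatewayPorts three values: no (remote forwards bind to loopback only), yes (remote forwards are forced to the wildcard address) and clientspecified (the bind address requested by the client is used).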
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 06:28:09 UTC

*** This bug has been marked as a duplicate of 133112 ***
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2006-05-12 06:28:21 UTC
.