SECURITY: Green End SFTP Server release 0.2.2

Richard Kettlewell rjk at greenend.org.uk
Sun Dec 4 17:47:57 GMT 2016


This is to announce release 0.2.2 of my experimental SFTP server.  It is
possible to use it with the OpenSSH server as a drop-in replacement for
the SFTP server that it ships with.

It differs from the OpenSSH SFTP server in the following ways:
    * Support for protocol versions up to 6
    * Several SFTP extensions
    * Concurrent handling of pipelined requests

This is a security release, fixing the following issues:

* Vulnerabilities

Two vulnerabilities exist in the Green End SFTP server in all releases
prior to 0.2.2:

1. A client can send a sequence of SFTP commands that cause free() to be
invoked on the same pointer more than once (CWE-415).
2. A client can send a sequence of SFTP commands that cause a null
pointer to be dereferenced (CWE-476).

* Impact

The impact of the first issue depends on how the server is deployed.

If the SFTP server is only used by ordinary SSH login users then in
practice there is no impact, since those users can execute arbitrary
commands anyway.

However, if the SFTP server is deployed in a configuration where there is
reduced trust in the clients, for instance if they are not login users,
then the first issue could (at worst, and depending on system-level
mitigations) lead to privilege escalation.

The impact of the second issue is believed to only be denial of service.
It is included in this advisory as a precaution.

For more information please visit:
   http://www.greenend.org.uk/rjk/sftpserver/

ttfn/rjk
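
The Impact section distinguishes deployments serving only login users from those serving clients with reduced trust. The sketch below is an added example, not part of the original announcement or the project's code: it classifies an sshd_config along that line, assuming that a ForceCommand running the server marks non-login users. The server path and sample configuration are constructed placeholders.

```python
import shlex

# Constructed sshd_config; SERVER is a placeholder path, not taken from the advisory.
SERVER = "/usr/local/libexec/example-sftp-server"
SAMPLE = f"""\
# constructed example
Subsystem sftp {SERVER}
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand {SERVER}
Match User backup
    ForceCommand internal-sftp
"""


def classify(config_text, server_path):
    """Classify how server_path is exposed by an sshd_config.

    Returns (category, pinned): category is 'not-deployed',
    'login-users-only' or 'reduced-trust'; pinned lists the scopes
    ('global' or the Match criteria) whose ForceCommand runs the server.
    """
    is_subsystem = False
    pinned = []
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        args = shlex.split(parts[1]) if len(parts) > 1 else []
        if keyword == "match":
            scope = " ".join(args)
        elif keyword == "subsystem" and len(args) >= 2 and args[0] == "sftp":
            is_subsystem = args[1] == server_path
        elif keyword == "forcecommand" and args and args[0] == server_path:
            # Users in this scope cannot run arbitrary commands: reduced trust.
            pinned.append(scope)
    if pinned:
        return "reduced-trust", pinned
    return ("login-users-only" if is_subsystem else "not-deployed"), pinned


if __name__ == "__main__":
    print(classify(SAMPLE, SERVER))
```

Users can also be restricted outside sshd_config (for example by a command= option in authorized_keys or a restricted shell), which this check does not see.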

