Security issue: check and upgrade your kernel!

Two major security flaws in the Linux kernel were reported last weekend. Both have the same impact (a local, unprivileged user can gain root) and both lie in the vmsplice() system call, which was added to the kernel in 2.6.17. There is no configuration option to leave vmsplice() out of the kernel, so every kernel from 2.6.17 onward that has not been patched is vulnerable.

That’s not directly related to sshproxy, but ssh is exactly the kind of service that turns a remote user into a local one: anyone with an ssh login can run a local privilege-escalation exploit. Since sshproxy is used to administer servers via ssh, be aware that any server behind it may be vulnerable, and that a normal user could become root on it.
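To act on the advice in the title, here is an added Python check (it is not part of the original post or of sshproxy) that classifies a `uname -r` string against the two facts above: vmsplice() exists from 2.6.17, and a fixed kernel is needed. The first-fixed upstream versions in FIXED_UPSTREAM are my assumption, not something the post states; confirm them against your distribution's advisory before trusting the result.

```python
import platform
import re

# Lower bound from the post: vmsplice() first appeared in 2.6.17.
VMSPLICE_INTRODUCED = (2, 6, 17, 0)

# Upper bounds: first upstream stable release of each series carrying the
# fix. ASSUMPTION for illustration; verify against your vendor's advisory.
FIXED_UPSTREAM = {
    (2, 6, 22): (2, 6, 22, 18),
    (2, 6, 23): (2, 6, 23, 16),
    (2, 6, 24): (2, 6, 24, 2),
}


def parse_release(release):
    """Turn a `uname -r` string such as '2.6.24-1-amd64' or '2.6.24.2' into
    (major, minor, patch, sub); missing components become 0.
    Returns None when the string does not start with a version number."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", release)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def vmsplice_status(release):
    """Classify a kernel release string:
    'not-affected'        - vmsplice() does not exist in this kernel
    'fixed'               - upstream version is at or past the fix
    'vulnerable-upstream' - upstream version predates the fix; only a vendor
                            backport can have closed the hole
    'unknown'             - unparsable string"""
    v = parse_release(release)
    if v is None:
        return "unknown"
    if v < VMSPLICE_INTRODUCED:
        return "not-affected"
    fixed = FIXED_UPSTREAM.get(v[:3])
    if fixed is None:
        # 2.6.17 .. 2.6.21 never received a stable fix; 2.6.25 and later
        # shipped with it (assumption, see above).
        return "vulnerable-upstream" if v[:3] < (2, 6, 25) else "fixed"
    return "fixed" if v >= fixed else "vulnerable-upstream"


if __name__ == "__main__":
    rel = platform.release()
    print(rel, "->", vmsplice_status(rel))
```

The "vulnerable-upstream" verdict is deliberately not "vulnerable": distribution kernels such as a 2.6.18-based enterprise kernel keep their upstream version string while backporting security fixes, so for those the version number alone proves nothing and the vendor's patch level is what to check.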

sshproxy-0.6.0_beta2

I’m glad to announce the third beta of sshproxy-0.6.0.

Changes:

  • new plugin: ttyrpld, a session recorder based on the ttyrpld log file format. To replay the log files, you’ll need to install and run ttyreplay. Note: you don’t need to patch the kernel sources to use this plugin or to replay logs. Thanks to Jan Engelhardt for his kind help while I was implementing this plugin.
  • new plugin: email_notifier to notify the proxy administrator about possible misconfigurations. Thanks to Michal Mazurek for this contribution.
  • passwords can now contain non-ASCII characters, and the password_encoding tag can be used to specify the charset (defaults to utf8). paramiko versions older than 1.7.3 are patched at runtime by an autoloaded plugin.
  • the paramiko/pycrypto random generator security issue is fixed at runtime by an autoloaded plugin.
  • several minor bug fixes.
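The random generator item above concerns a user-space random pool that is inherited unchanged across fork(). The Python below is an added illustration of that class of bug and of the remedy (reseed in the child); it is not sshproxy's plugin and not paramiko or pycrypto code, and the pool, `draw()` and `fork_and_draw()` are constructed for this example.

```python
import os
import random

# Constructed stand-in for a user-space random pool that is seeded once at
# import time and then only stirred internally. A library that does this
# hands the identical pool state to every child of fork(), so parent and
# child go on to produce the same "random" bytes.
POOL = random.Random(int.from_bytes(os.urandom(8), "little"))


def draw(n):
    """Return n bytes from the pool (stand-in for session keys, IVs, nonces)."""
    return bytes(POOL.getrandbits(8) for _ in range(n))


def reseed_after_fork():
    """The remedy: mix fresh kernel entropy and the new pid into the pool so
    the child never continues the parent's stream."""
    POOL.seed(int.from_bytes(os.urandom(16), "little") ^ os.getpid())


def fork_and_draw(reseed, n=16):
    """Fork, draw n bytes in the child and n bytes in the parent, and return
    (parent_bytes, child_bytes). With reseed=True the child reseeds first."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child
        os.close(r)
        if reseed:
            reseed_after_fork()
        os.write(w, draw(n))
        os._exit(0)
    os.close(w)                       # parent
    child = b""
    while len(child) < n:
        chunk = os.read(r, n - len(child))
        if not chunk:
            break
        child += chunk
    os.close(r)
    os.waitpid(pid, 0)
    return draw(n), child


if __name__ == "__main__":
    p, c = fork_and_draw(reseed=False)
    print("inherited pool:", p.hex(), c.hex(), "identical" if p == c else "differ")
    p, c = fork_and_draw(reseed=True)
    print("reseeded child:", p.hex(), c.hex(), "identical" if p == c else "differ")
```

For a forking ssh daemon or proxy the consequence is that two sessions served by sibling children, or the proxy and a child it spawned, can end up with the same key material; reading the kernel's random device (os.urandom) at the point of use, or reseeding immediately after fork() as above, removes the shared state.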

You can download it here.

Server downtime due to a disk crash

A disk crash occurred on Monday, January 14, on the server hosting the sshproxy-project.org website as well as the mailing lists. The server downtime was a little longer than expected, but no data was lost in the replacement of the server.

I ordered a new server with a RAID array, and I will do the migration in the coming weeks. I’m expecting little or no downtime during the migration.

You’re welcome to help keep the sshproxy web site online with a donation!

sshproxy-0.6.0_beta1

Here is the second beta of sshproxy-0.6.0.

Changes are:

  • secure IPC is now possible through SSH with the sipc plugin.
  • telnetclient has been fixed to work with switches from several brands.
  • manpages are now included in the gentoo ebuild.
  • several minor bug fixes.

You can download it here.

new home

While working to make sshproxy grow, some people asked me to put a bug reporting tool online. So here it is, you can try it here. And while I was at it, I took some time to redesign the official website a bit and move it to its new home, sshproxy-project.org. Please update your bookmarks; I don’t know how long I will maintain the penguin.fr redirection.

I still have to move the sshproxy mailing lists, but that will probably take some time, unless I find a very good online tutorial. In the meantime, the current lists sshproxy@penguin.fr and sshproxy-dev@penguin.fr will remain active.

sshproxy 0.6.0-beta0 is out

Finally, after a year of development, sshproxy is ready to go 0.6.

This release includes some new features, but mostly introduces a new architecture that makes sshproxy more robust.

You’re all welcome to test it and report bugs to me at david@guerizec.net or on the mailing list at sshproxy@penguin.fr.

The tarball is here: sshproxy-0.6.0_beta0.tar.gz
