Debian Bug report logs - #682444
netcat-openbsd: netcat may connect to itself, if used on closed local port


Package: netcat-openbsd; Maintainer for netcat-openbsd is Aron Xu <aron@debian.org>; Source for netcat-openbsd is src:netcat-openbsd.

Reported by: Felix Rublack <frubi1988@gmail.com>

Date: Sun, 22 Jul 2012 19:39:01 UTC

Severity: normal

Found in version netcat-openbsd/1.105-7

Fixed in version netcat-openbsd/1.130-1

Done: Guilhem Moulin <guilhem@guilhem.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, frubi1988@gmail.com, Aron Xu <aron@debian.org>:
Bug#682444; Package netcat-openbsd. (Sun, 22 Jul 2012 19:39:04 GMT)


Acknowledgement sent to Felix Rublack <frubi1988@gmail.com>:
New Bug report received and forwarded. Copy sent to frubi1988@gmail.com, Aron Xu <aron@debian.org>. (Sun, 22 Jul 2012 19:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Felix Rublack <frubi1988@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: netcat-openbsd: netcat may connect to itself, if used on closed local port
Date: Sun, 22 Jul 2012 21:37:09 +0200
Package: netcat-openbsd
Version: 1.105-7
Severity: normal

If netcat is used to connect to a closed local port, it may connect to itself.

How to reproduce:

1) Select a random port from the range which is used by clients
# sysctl net.ipv4.ip_local_port_range

2) Start netcat in loop with this port
# while true; do nc.openbsd -v localhost 52804 < /dev/zero; done
nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
[....]
nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
Connection to localhost 52804 port [tcp/*] succeeded!

It shouldn't do this :)

Greetings
Felix Rublack

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.5 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages netcat-openbsd depends on:
ii  libbsd0  0.4.2-1
ii  libc6    2.13-34

netcat-openbsd recommends no packages.

netcat-openbsd suggests no packages.

-- no debconf information
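
Added example, not part of the original report and not netcat-openbsd code: the final "succeeded!" line in the report is a TCP self-connection, where the kernel picks the destination port as the ephemeral source port on loopback and TCP simultaneous open completes the handshake with no listener. A client can detect this by comparing getsockname() with getpeername(); `same_endpoint` and `is_self_connected` are hypothetical helper names, and `main` assumes Linux and forces the collision by binding before connecting.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if both endpoints have the same family, address and port. */
int same_endpoint(const struct sockaddr *a, const struct sockaddr *b)
{
    if (a->sa_family != b->sa_family) return 0;
    if (a->sa_family == AF_INET) {
        const struct sockaddr_in *x = (const void *)a, *y = (const void *)b;
        return x->sin_port == y->sin_port &&
               x->sin_addr.s_addr == y->sin_addr.s_addr;
    }
    if (a->sa_family == AF_INET6) {
        const struct sockaddr_in6 *x = (const void *)a, *y = (const void *)b;
        return x->sin6_port == y->sin6_port &&
               memcmp(&x->sin6_addr, &y->sin6_addr, sizeof x->sin6_addr) == 0;
    }
    return 0;
}

/* 1 if fd's local and peer endpoints match (self-connection), 0 if not, -1 on error. */
int is_self_connected(int fd)
{
    struct sockaddr_storage local, peer;
    socklen_t ll = sizeof local, pl = sizeof peer;
    if (getsockname(fd, (struct sockaddr *)&local, &ll) < 0 ||
        getpeername(fd, (struct sockaddr *)&peer, &pl) < 0)
        return -1;
    return same_endpoint((struct sockaddr *)&local, (struct sockaddr *)&peer);
}

int main(void)
{
    /* Constructed demo (Linux assumed): binding first makes source port == destination port. */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ||
        connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        perror("self-connect demo");
        return 1;
    }
    printf("port %u self-connected: %d\n",
           (unsigned)ntohs(sa.sin_port), is_self_connected(fd));
    return close(fd);
}
```

A client that calls the check right after connect() returns can treat a match as a refused connection and close the socket instead of reporting success.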



Information forwarded to debian-bugs-dist@lists.debian.org, Aron Xu <aron@debian.org>:
Bug#682444; Package netcat-openbsd. (Thu, 26 Jul 2012 16:45:06 GMT)


Acknowledgement sent to Aron Xu <happyaron.xu@gmail.com>:
Extra info received and forwarded to list. Copy sent to Aron Xu <aron@debian.org>. (Thu, 26 Jul 2012 16:45:06 GMT)


Message #10 received at 682444@bugs.debian.org:

From: Aron Xu <happyaron.xu@gmail.com>
To: Felix Rublack <frubi1988@gmail.com>, 682444@bugs.debian.org
Subject: Re: Bug#682444: netcat-openbsd: netcat may connect to itself, if used on closed local port
Date: Fri, 27 Jul 2012 00:43:58 +0800

On Mon, Jul 23, 2012 at 3:37 AM, Felix Rublack <frubi1988@gmail.com> wrote:
> Package: netcat-openbsd
> Version: 1.105-7
> Severity: normal
>
> If netcat is used to connect to a closed local port, it may connect to itself.
>
> How to reproduce:
>
> 1) Select a random port from the range which is used by clients
> # sysctl net.ipv4.ip_local_port_range
>
> 2) Start netcat in loop with this port
> # while true; do nc.openbsd -v localhost 52804 < /dev/zero; done
> nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
> nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
> [....]
> nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
> nc.openbsd: connect to localhost port 52804 (tcp) failed: Connection refused
> Connection to localhost 52804 port [tcp/*] succeeded!
>
> It shouldn't do this :)
>

This is interesting... I don't know why it behaves like this, and I
can reproduce it without very clear influencing factors. I'll spend
some time on it next weekend or the weekend after next.

Thanks for catching this!

-- 
Regards,
Aron Xu



Added tag(s) pending. Request was from Guilhem Moulin <guilhem@guilhem.org> to control@bugs.debian.org. (Thu, 24 Nov 2016 16:45:06 GMT)


Reply sent to Guilhem Moulin <guilhem@guilhem.org>:
You have taken responsibility. (Mon, 12 Dec 2016 15:21:08 GMT)


Notification sent to Felix Rublack <frubi1988@gmail.com>:
Bug acknowledged by developer. (Mon, 12 Dec 2016 15:21:08 GMT)


Message #17 received at 682444-close@bugs.debian.org:

From: Guilhem Moulin <guilhem@guilhem.org>
To: 682444-close@bugs.debian.org
Subject: Bug#682444: fixed in netcat-openbsd 1.130-1
Date: Mon, 12 Dec 2016 15:18:52 +0000
Source: netcat-openbsd
Source-Version: 1.130-1

We believe that the bug you reported is fixed in the latest version of
netcat-openbsd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 682444@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guilhem@guilhem.org> (supplier of updated netcat-openbsd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 11 Nov 2016 02:28:22 +0100
Source: netcat-openbsd
Binary: netcat-openbsd
Architecture: source amd64
Version: 1.130-1
Distribution: unstable
Urgency: low
Maintainer: Aron Xu <aron@debian.org>
Changed-By: Guilhem Moulin <guilhem@guilhem.org>
Description:
 netcat-openbsd - TCP/IP swiss army knife
Closes: 682444 694844 702204 705223 711784 751105 752931 792454 817050
Changes:
 netcat-openbsd (1.130-1) unstable; urgency=low
 .
   [ Aron Xu ]
   * Fix cross build, thanks Colin Watson. (Closes: #694844)
 .
   [ Guilhem Moulin ]
   * Add self to Uploaders.
   * New upstream release. (Closes: #682444, #751105, #752931, #817050)
   * Ensure each line ends with CRLF when -C is set, not just the last line
     from the read buffer.  (Closes: #705223, #711784)
   * Pause after each line when -i is set, not just after the last line from
     the read buffer.
   * debian/control:
     + Bump Standards-Version to 3.9.8 (no changes necessary).
     + Upgrade Vcs-Git URI from git:// to https://.
     + Upgrade Vcs-Browser URI from http:// to https:// and switch to the
       canonical cgit URI.
   * debian/compat: Bump debhelper compatibility version to 9.
   * debian/rules: Set DEB_BUILD_MAINT_OPTIONS to compile and link ELF
     executables with hardening options enabled.
   * debian/copyright:
     + Add missing entries for nc.1 and Makefile.
     + Replace the format URI http://dep.debian.net/deps/dep5/ by a versioned
       one https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ .
   * debian/patches/0001-port-to-linux-with-libsd.patch: Don't truncate to
     "Proxy-Authorization" header to 7 bytes.  Thanks to Petros Angelatos for
     the patch.  (Closes: #792454)
   * debian/patches/0010-misc-failures-and-features.patch: fix broadcast
     support (SO_BROADCAST is a socket-level option not a TCP socket option).
     Thanks to Jakob Wrigley for the patch.  (Closes: #702204)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 01 Aug 2017 07:27:26 GMT)