X2Go Bug report logs - #31
X2Go Clients Gr-Tunnel (client-side endpoint) listens on all TCP/IP address (probably should be: loopback only)

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Mon, 17 Sep 2012 14:48:02 UTC

Severity: normal

Tags: pending

Found in version 3.99.3.0-prerelease

Fixed in version 4.1.1.0

Done: X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Full log


Message #15 received at 31@bugs.x2go.org (full text, mbox, reply):

Received: (at 31) by bugs.x2go.org; 18 Apr 2015 21:04:36 +0000
From ionic@ionic.de  Sat Apr 18 23:04:34 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID,
	URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from Root24.de (powered.by.root24.eu [5.135.3.88])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 917EC5DAA4
	for <31@bugs.x2go.org>; Sat, 18 Apr 2015 23:04:34 +0200 (CEST)
Received: from nopileos.local (home.ionic.de [217.92.117.31])
	by mail.ionic.de (Postfix) with ESMTPSA id 790924F08F40;
	Sat, 18 Apr 2015 23:04:33 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default;
	t=1429391073; bh=TF1lWoQo/p2LHLrz9ddJg6O3VxEDFhP6x9HcOAcValY=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=PAKvTQRgTOe3FnITCA6ZchJxjYsnCj6SWtmvRs9IRw0mV6Kw3BoDHU1kgUrw6Gm44
	 kSeBihLKpvbVRok7kHeZjEQaGMmcMVgU/xYT1Zx50rTjqOJJCjewR0BKSB58UckaP2
	 FByEpT1zlHFzPJrHzzx/ntn+5fDaPq+sE6HggHZc=
Message-ID: <5532C6DE.1000006@ionic.de>
Date: Sat, 18 Apr 2015 23:04:30 +0200
From: Mihai Moldovan <ionic@ionic.de>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Guillaume Castagnino <gcastagnino@denyall.com>, 31@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#31: (no subject)
References: <2019231.JGKveepc01@bespin>
In-Reply-To: <2019231.JGKveepc01@bespin>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="wiue3N7x7vc8ObkEgrJrR9PknwCNi1nvm"
[Message part 1 (text/plain, inline)]
On 16.04.2015 03:25 PM, Guillaume Castagnino wrote:
> Incidentally, I discovered that sending garbage on that port make the 
> client crash and disconnect. So you can remotely disconnect any client 
> using x2go client. Kind of DOS isn’t it ?
> [...]
>
> Definitely, the proxy should NOT listen on INADDR_ANY but only on 
> localhost in SshProcess::tunnelLoop.

Hum, yes, it is.


Thank you!



Mihai


[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 00:44:27 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.