touch-packages team mailing list archive

Thread
Date
[Bug 1501538] [NEW] last, lastb not reporting ipv6 address from ssh

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: sffroelich <1501538@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Sep 2015 23:30:43 -0000
Reply-to: Bug 1501538 <1501538@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

with ssh login successes or failures, using IPv6, checks using the "-i"
option for /usr/bin/last or /usr/bin/lastb do not display the correct IP
address.

it appears to be reporting the ipv6 address "fc00:dead::2", or "fc00:dead::3" ass the same address, namely
252.0.222.173

i believe the logged address has stripped "fc", "00", "de", and "ad"
(and nothing else) from the first 32 bits of the address, then converted
each hex unit to decimal, and logged them in dotted-quad (IPv4)
addresses.

while not directly a security vulnerability, last and lastb are vital
tools for monitoring the login activity on systems.

regards,
sff
-----------------------
1) Description:	Ubuntu 14.04.3 LTS
Release:	14.04
2) apt-cache policy sysvinit-utils
sysvinit-utils:
  Installed: 2.88dsf-41ubuntu6.2
  Candidate: 2.88dsf-41ubuntu6.2
  Version table:
 *** 2.88dsf-41ubuntu6.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.88dsf-41ubuntu6 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
3) i expect the full IPv6 address (in v6 notation) written, when applicable, for "-i" output from last, and lastb
4) non-unique IPv4 addresses are reported instead of the correct ipv6 address.

** Affects: sysvinit (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: btmp last lastb sshd wtmp

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sysvinit in Ubuntu.
https://bugs.launchpad.net/bugs/1501538

Title:
  last, lastb not reporting ipv6 address from ssh

Status in sysvinit package in Ubuntu:
  New

Bug description:
  with ssh login successes or failures, using IPv6, checks using the
  "-i" option for /usr/bin/last or /usr/bin/lastb do not display the
  correct IP address.

  it appears to be reporting the ipv6 address "fc00:dead::2", or "fc00:dead::3" ass the same address, namely
  252.0.222.173

  i believe the logged address has stripped "fc", "00", "de", and "ad"
  (and nothing else) from the first 32 bits of the address, then
  converted each hex unit to decimal, and logged them in dotted-quad
  (IPv4) addresses.

  while not directly a security vulnerability, last and lastb are vital
  tools for monitoring the login activity on systems.

  regards,
  sff
  -----------------------
  1) Description:	Ubuntu 14.04.3 LTS
  Release:	14.04
  2) apt-cache policy sysvinit-utils
  sysvinit-utils:
    Installed: 2.88dsf-41ubuntu6.2
    Candidate: 2.88dsf-41ubuntu6.2
    Version table:
   *** 2.88dsf-41ubuntu6.2 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       2.88dsf-41ubuntu6 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
  3) i expect the full IPv6 address (in v6 notation) written, when applicable, for "-i" output from last, and lastb
  4) non-unique IPv4 addresses are reported instead of the correct ipv6 address.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/1501538/+subscriptions