touch-packages team mailing list archive

Thread
Date

[Bug 1434006] Re: Information leak

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: QkiZ <1434006@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Mar 2015 09:43:17 -0000
Reply-to: Bug 1434006 <1434006@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I was move files from /etc/update-motd.d/ to safe location and now users
can't see this. But it is a security issue.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1434006

Title:
  Information leak

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  I have configured ssh server. I have added user with nologin shell,
  because he's use sftp client to transfer files, not to login to shell.
  But if that user try to login to shell server returns information
  about server:

  $ ssh user@xxxxxxxxxxxxxx
  user@someserver's password:
  Welcome to Ubuntu 14.04.2 LTS (GNU/Linux 3.13.0-45-generic x86_64)

   * Documentation:  https://help.ubuntu.com/

    System information as of Thu Mar 19 11:16:13 CET 2015

    System load:    0.0                 Processes:           131
    Usage of /home: 52.4% of 295.16GB   Users logged in:     1
    Memory usage:   11%                 IP address for eth0: xxx.x.xxx.xxx
    Swap usage:     1%                  IP address for eth1: xx.xx.xxx.xxx

    Graph this data and manage this system at:
      https://landscape.canonical.com/

  10 packages can be updated.
  10 updates are security updates.

  Last login: Thu Mar 19 11:16:13 2015 from xx.xxx.xx.xx
  This account is currently not available.
  Connection to someserver.org closed.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: openssh-server 1:6.6p1-8
  ProcVersionSignature: Ubuntu 3.16.0-26.35-generic 3.16.7-ckt1
  Uname: Linux 3.16.0-26-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Mar 19 11:18:02 2015
  InstallationDate: Installed on 2014-04-19 (334 days ago)
  InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
  SourcePackage: openssh
  UpgradeStatus: Upgraded to utopic on 2014-11-06 (133 days ago)
  upstart.ssh.override: manual

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1434006/+subscriptions