Jeremy Salwen
2011-Mar-02 07:08 UTC
[Secure-testing-team] Bug#616052: opendchub: Daemon resets config file to defaults, allowing remote admin with a default password by default
Package: opendchub
Version: 0.8.2-2
Severity: grave
Tags: security
Justification: user security hole

opendchub will overwrite the /etc/opendchub/config file every time it is restarted. The defaults include a default administrative password (which is always the same), and also (perhaps more critically) enables remote administration by default. No indication is given that this has happened, and it might appear to a user that their changed password or server settings have been taken into effect.

To test this, it is very simple.

Modify /etc/opendchub/config:

$ sudo nano /etc/opendchub/config

Modify the admin password, or some other option.

Restart the daemon:

$ sudo invoke-rc.d opendchub restart

which outputs

Stopping DC++ server: opendchub.
Starting DC++ server: opendchub.

Then, look at the configuration file again:

$ sudo nano /etc/opendchub/config

All of your customizations to the file are overwritten.

I might report this as a normal bug, but it seems to be a security vulnerability, as essentially the hub is controllable by anyone in the same network as the machine, even if the user has specified otherwise, and they are given no indication that their settings have been ignored.

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/6 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages opendchub depends on:
ii  adduser      3.112+nmu2   add and remove users and groups
ii  libc6        2.11.2-10    Embedded GNU C Library: Shared lib
ii  libcap2      1:2.19-3     support for getting/setting POSIX.
ii  libperl5.10  5.10.1-17    shared Perl library

opendchub recommends no packages.

opendchub suggests no packages.

-- Configuration Files:
/etc/opendchub/config [Errno 13] Permission denied: u'/etc/opendchub/config'
/etc/opendchub/motd [Errno 13] Permission denied: u'/etc/opendchub/motd'

-- no debconf information
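The manual test in the report above can be turned into a repeatable check. The following is an added example, not part of the original report or of the opendchub package; the function name config_survives_restart is hypothetical, and it assumes the restart command is run with enough privilege to read the config file.

```shell
#!/bin/sh
# Added example: checks whether a daemon's config file survives a restart.
# Usage: config_survives_restart FILE RESTART_CMD [ARGS...]
#   e.g. (as root) config_survives_restart /etc/opendchub/config \
#                      invoke-rc.d opendchub restart
# Returns 0 if FILE is byte-identical afterwards, 1 if it was rewritten or
# removed, 2 on usage or setup errors.
config_survives_restart() {
    if [ "$#" -lt 2 ]; then
        echo "usage: config_survives_restart FILE RESTART_CMD [ARGS...]" >&2
        return 2
    fi
    cfg=$1
    shift
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # mktemp creates the snapshot with mode 0600; writing through a redirect
    # keeps that mode, which matters because the file holds the admin password.
    snap=$(mktemp) || return 2
    cat "$cfg" > "$snap" || { rm -f "$snap"; return 2; }

    # Run the restart command exactly as given.
    "$@" || { echo "restart command failed" >&2; rm -f "$snap"; return 2; }

    if [ ! -e "$cfg" ]; then
        echo "FAIL: $cfg was removed by the restart" >&2
        status=1
    elif cmp -s "$snap" "$cfg"; then
        echo "OK: $cfg unchanged after restart"
        status=0
    else
        # Report only a count of changed lines, never the contents,
        # so the password does not end up in logs.
        changed=$(diff "$snap" "$cfg" | grep -c '^[<>]') || true
        echo "FAIL: $cfg was rewritten by the restart ($changed changed lines)" >&2
        status=1
    fi
    rm -f "$snap"
    return "$status"
}
```

A non-zero result after changing the admin password means the edit did not persist and the settings in the file on disk, not the ones the administrator typed, are what the hub is running with.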