Extremely weired Thunderbird OpenSSH interaction

Niklas Schnelle niklas at komani.de
Sat Apr 3 04:30:48 EST 2010


Dear OpenSSH developers,
first thank you for this great tool!
Me and a friend have experienced some seriously crazy interaction
between Thunderbird and OpenSSH, the problem is it's
not reproducable but as it left definite traces on the server and it
could be a serious security problem I still want to report it.
so the following happened:
My friend is running Ubuntu 9.10 with the new Thunderbird from a PPA 
he connected to our server (running Debian Lenny) using OpenSSH in a
normal gnome-terminal. Then he launched Thunderbird from the application
menu and now it's getting really weired. 
When thunderbird launched and connected to the IMAP Servers the SSH
session in the currently unfocussed terminal was
flooded with data, specifically with subject lines from the mails in
Thunderbird this was to the degree that it created weired named files on
our server like "Gesendet:" ("sent" in German)
"bla at example.com" and so on.
The interesting thing being that albeit those are garbage they are
clearly noy chiffered. The only idea I could come up with is that
somehow the OpenSSL Input buffer used by Thunderbird could have leaked
into the one used by OpenSSH which would be quite catastrophic.
It could also have to do with the clipboard but we weren't able to
reproduce it or see anything like it with other software and he has been
running this Thunderbird version for some time now.
It's to fishy for a bug report but still to dangerours to simply ignore.
Greetings Niklas Schnelle




More information about the openssh-unix-dev mailing list