Bug#992920: proftpd-mod-crypto: sftp connection aborts with "Corrupted MAC on input"

Miguel Cruz debian-bug-report at firmseek.com
Wed Aug 25 03:50:35 BST 2021


Package: proftpd-mod-crypto
Version: 1.3.7a+dfsg-12
Severity: important

Dear Maintainer,

Since upgrading to bullseye, proftpd's sftp server fails with some MAC algorithms.

This works:

  sftp -o MACs=hmac-sha2-256 user at proftpd-server

This fails:

  sftp -o MACs=umac-64 at openssh.com user at proftpd-server

The failure manifests as an aborted connection after a few KB of data traffic. The debian CLI sftp client will display the message:

   Corrupted MAC on input.
   ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: message authentication code incorrect

This means that some clients can no longer constructively use the server with their standard options.


-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages proftpd-mod-crypto depends on:
ii  libc6         2.31-13
ii  libpam0g      1.4.0-9
ii  libsodium23   1.0.18-1
ii  libssl1.1     1.1.1k-1+deb11u1
ii  proftpd-core  1.3.7a+dfsg-12
ii  zlib1g        1:1.2.11.dfsg-2

proftpd-mod-crypto recommends no packages.

proftpd-mod-crypto suggests no packages.

-- no debconf information



More information about the Pkg-proftpd-maintainers mailing list