Package: ncat Version: 7.80+dfsg1-5 Severity: normal Dear Maintainer,
When using ncat to connect a target server via an intermediate SOCKS server (either 4 or 5), If the initial replies from the target server (e.g. the banner line sent by an ssh server) is occasionally attached after the response packet of SOCKS CONNECT (it should be legal and may be done by many SOCKS server implementations, since TCP on which SOCKS is based is stream oriented), ncat is unable to return these replies. Only the initial replies from the target server sent as a separate packet after the response of SOCKS CONNECT by the SOCKS proxy can be correctly returned. This bug breaks the SSH protocol when ncat is used in the ProxyCommand option of OpenSSH to use a SOCKS proxy, because server's banner line may get lost. Other netcat implementations like netcat-openbsd can handle replies attached to the response packet of SOCKS CONNECT and work fine with OpenSSH. -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads) Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ncat depends on: ii libc6 2.31-3 ii liblua5.3-0 5.3.3-1.1+b1 ii libpcap0.8 1.9.1-4 ii libssl1.1 1.1.1g-1 ncat recommends no packages. ncat suggests no packages. -- no debconf information
