From owner-freebsd-security@FreeBSD.ORG Thu Sep 8 00:13:15 2005
Return-Path:
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E9C4416A41F
	for ; Thu, 8 Sep 2005 00:13:15 +0000 (GMT)
	(envelope-from nielsen-list@memberwebs.com)
Received: from mail.npubs.com (mail.npubs.com [209.66.100.224])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BCD6E43D4C
	for ; Thu, 8 Sep 2005 00:13:11 +0000 (GMT)
	(envelope-from nielsen-list@memberwebs.com)
From: Nate Nielsen
User-Agent: Mozilla Thunderbird 1.0.6-1.1.fc4 (X11/20050720)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: talonz
References: <431F6941.20006@gmail.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20050908001830.6A33270DCDB@mail.npubs.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Date: Thu, 8 Sep 2005 00:18:36 +0000 (GMT)
Cc: freebsd-security@freebsd.org
Subject: Re: ee using 99% cpu after user ssh session terminates abnormaly
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: nielsen@memberwebs.com
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 08 Sep 2005 00:13:16 -0000

talonz wrote:
> Recently I have been using a dialup 56k account to access the net
> and have noticed that when my ssh session times out and I am editing
> a file in `ee' the system goes to 99% cpu usage and stays like
> this till the pid is killed.
> This is a standard user account (not root/su)

This happens all the time on servers I manage. It's a real pain because
it's hard to see the actual load of the machine. We have a dumb hack of
a script that kills these off when they happen.

> Would a user be able to create a denial of service condition
> on the remote system using this bug?

Don't think so, unless there's a process getting starved somewhere, in
which case the DOS would be basically impossible to prevent.

Cheers,
Nate