Date:      Tue, 13 Mar 2001 17:20:02 -0800 (PST)
From:      Dima Dorfman <dima@unixfreak.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/25778: sshd core after login attempt for non-existant user 
Message-ID:  <200103140120.f2E1K2r20216@freefall.freebsd.org>


The following reply was made to PR bin/25778; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: rsimmons@duckman.wlcg.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: bin/25778: sshd core after login attempt for non-existant user 
Date: Tue, 13 Mar 2001 17:11:39 -0800

 Rob Simmons <rsimmons@duckman.wlcg.com> writes:
 > 
 > >Number:         25778
 > >Category:       bin
 > >Synopsis:       sshd core after login attempt for non-existant user
 > >Description:
 > When someone tries to log in with a username that does not exist,
 > sshd dumps core.  Here is the gdb output from the core file,
 > followed by the ident info from the sshd binary:
 
 Try the patch below.  It looks like a FreeBSD-specific problem.  Well,
 at least I tried OpenSSH 2.5 (I know that's not what we use) and it
 didn't have this bug.
 
 I don't think this can be classified as a security bug.  The sshd that
 cores is one that was already spawned for that connection; the main
 one stays alive.  Also, the crash is from dereferencing a bad pointer,
 and the malicious user can't control it.  All that said, I'm not a
 security expert, so take that for what it is: a hypothesis.
 
 Thanks
 
 					Dima Dorfman
 					dima@unixfreak.org
 
 
 Index: auth2.c
 ===================================================================
 RCS file: /st/src/FreeBSD/src/crypto/openssh/auth2.c,v
 retrieving revision 1.9
 diff -u -r1.9 auth2.c
 --- auth2.c	2001/03/04 02:22:03	1.9
 +++ auth2.c	2001/03/14 01:08:44
 @@ -201,6 +201,7 @@
  	debug("userauth-request for user %s service %s method %s", user, service, method);
  	debug("attempt #%d", authctxt->attempt);
  
 +	authctxt->pw = 0;
  	if (authctxt->attempt == 1) { 
  		/* setup auth context */
  		struct passwd *pw = NULL;
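
Review bot: the new `authctxt->pw = 0;` sits above the `if (authctxt->attempt == 1)` test, so it runs on every userauth request rather than only when the auth context is set up. If anything after this point expects the `pw` found on the first attempt to still be there on later attempts, this clears it each time; either move the assignment inside the `attempt == 1` block or confirm that `pw` is looked up again on every request. Also prefer `NULL` over `0` to match `struct passwd *pw = NULL;` two lines below, and add a short comment saying why the field must be reset here.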



