Date: Thu, 31 Jan 2002 12:23:40 -0800 (PST) From: Jin.Guojun@eubie.lbl.gov To: FreeBSD-gnats-submit@freebsd.org Subject: bin/34502: ssh can crash the 4.5 system Message-ID: <200201312023.g0VKNex00336@eubie.lbl.gov>
next in thread | raw e-mail | index | archive | help
>Number: 34502 >Category: bin >Synopsis: ssh can crash the 4.5 system >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 31 12:30:03 PST 2002 >Closed-Date: >Last-Modified: >Originator: Jin Guojun >Release: FreeBSD 4.5-RELEASE i386 >Organization: >Environment: System: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Wed Jan 30 09:39:25 PST 2002 OpenSSH_2.9 FreeBSD localisations 20011202 >Description: Problem 1: ssh localhost cause system panic. A local user can use it to crash all 4.5 systems. Problem 2: does not work for protocol 2. After rename authorized_keys to x.authorized_keys (i.e., disable protocol 1), then ssh will ask password instead of passphase: % ls ~/.ssh -rw------- 1 jin advdev 607 Jan 31 12:10 authorized_keys2 -rw------- 1 jin advdev 668 Jan 31 12:08 id_dsa -rw-r--r-- 1 jin advdev 607 Jan 31 12:08 id_dsa.pub -rw------- 1 jin advdev 533 Jan 11 21:24 identity -rw-r--r-- 1 jin advdev 337 Jan 11 21:24 identity.pub -rw------- 1 jin advdev 512 Jan 31 11:43 random_seed -rw------- 1 jin advdev 1687 Aug 27 08:59 x.authorized_keys % ssh peer jin@peer.lbl.gov's password: >How-To-Repeat: Do as described in Description section. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201312023.g0VKNex00336>