From owner-freebsd-bugs  Thu Jan 31 12:30:38 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3114837B404
	for <freebsd-bugs@hub.freebsd.org>; Thu, 31 Jan 2002 12:30:03 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0VKU3P71443;
	Thu, 31 Jan 2002 12:30:03 -0800 (PST)
	(envelope-from gnats)
Received: from eubie.lbl.gov (eubie.lbl.gov [131.243.2.36])
	by hub.freebsd.org (Postfix) with ESMTP id 6D6D637B400
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 31 Jan 2002 12:23:40 -0800 (PST)
Received: (from jin@localhost)
	by eubie.lbl.gov (8.11.6/8.11.6) id g0VKNex00336;
	Thu, 31 Jan 2002 12:23:40 -0800 (PST)
	(envelope-from jin)
Message-Id: <200201312023.g0VKNex00336@eubie.lbl.gov>
Date: Thu, 31 Jan 2002 12:23:40 -0800 (PST)
From: Jin.Guojun@eubie.lbl.gov
Reply-To: j_guojun@lbl.gov
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/34502: ssh can crash the 4.5 system
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         34502
>Category:       bin
>Synopsis:       ssh can crash the 4.5 system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 31 12:30:03 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Jin Guojun
>Release:        FreeBSD 4.5-RELEASE i386
>Organization:
>Environment:

System: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Wed Jan 30 09:39:25 PST 2002

	OpenSSH_2.9 FreeBSD localisations 20011202 

>Description:
	Problem 1:
		ssh localhost
	cause system panic. A local user can use it to crash all 4.5 systems.

	Problem 2:

	does not work for protocol 2. After rename authorized_keys to
	x.authorized_keys (i.e., disable protocol 1), then ssh will ask
	password instead of passphase:

% ls ~/.ssh
-rw-------   1 jin  advdev    607 Jan 31 12:10 authorized_keys2
-rw-------   1 jin  advdev    668 Jan 31 12:08 id_dsa
-rw-r--r--   1 jin  advdev    607 Jan 31 12:08 id_dsa.pub
-rw-------   1 jin  advdev    533 Jan 11 21:24 identity
-rw-r--r--   1 jin  advdev    337 Jan 11 21:24 identity.pub
-rw-------   1 jin  advdev    512 Jan 31 11:43 random_seed
-rw-------   1 jin  advdev   1687 Aug 27 08:59 x.authorized_keys

% ssh peer
jin@peer.lbl.gov's password: 


>How-To-Repeat:
	Do as described in Description section.
>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message