From: Dag-Erling Smørgrav
To: Akihiro HIRANO
Cc: "freebsd-security@freebsd.org"
Subject: Re: openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE
Date: Wed, 09 Mar 2016 23:59:00 +0100

Akihiro HIRANO writes:
> Frank Möller writes:
> > After updating to FreeBSD 9.3-RELEASE-p37 sshd from the base system
> > crashes by signal 11 when I connect to the server with an old ssh
> > client (e.g. OpenSSH_4.5p1). Using newer ssh client versions
> > (e.g. OpenSSH_6.6.1p1 from FreeBSD 9.3-RELEASE-p10) the sshd works
> > fine.
> Hum...
> I tried OpenSSH_6.6.1p1 client on 9.3-RELEASE-p37
> and OpenSSH_6.4p1 client on 10.0-RELEASE-p18.
> Both clients cause sshd on 9.3-RELEASE-p37 to crash by signal 11.

It depends on which ciphers you use. If my hunch is correct, the bug is
somewhere in the codepath for RSA, so newer versions (which default to
ECDSA) will be less likely to trigger it, but it will also depend on the
server version and whether the server has an ECDSA host key.

DES
-- 
Dag-Erling Smørgrav - des@des.no