5th November 2014
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
|
|
FreeBSD-Security Advisory for SSHD
From https://www.freebsd.org/security/adv...14:24.sshd.asc
Quote:
II. Problem Description
Although OpenSSH is not multithreaded, when OpenSSH is compiled with
Kerberos support, the Heimdal libraries bring in the POSIX thread
library as a dependency. Due to incorrect library ordering while
linking sshd(8), symbols in the C library which are shadowed by the
POSIX thread library may not be resolved correctly at run time.
Note that this problem is specific to the FreeBSD build system and
does not affect other operating systems or the version of OpenSSH
available from the FreeBSD ports tree.
III. Impact
An incorrectly linked sshd(8) child process may deadlock while
handling an incoming connection. The connection may then time out or
be interrupted by the client, leaving the deadlocked sshd(8) child
process behind. Eventually, the sshd(8) parent process stops
accepting new connections.
An attacker may take advantage of this by repeatedly connecting and
then dropping the connection after having begun, but not completed,
the authentication process.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|