Posted 5th November 2014 by J65nko
FreeBSD-Security Advisory for SSHD

From https://www.freebsd.org/security/adv...14:24.sshd.asc

II. Problem Description

Although OpenSSH is not multithreaded, when OpenSSH is compiled with
Kerberos support, the Heimdal libraries bring in the POSIX thread
library as a dependency. Due to incorrect library ordering while
linking sshd(8), symbols in the C library which are shadowed by the
POSIX thread library may not be resolved correctly at run time.

Note that this problem is specific to the FreeBSD build system and
does not affect other operating systems or the version of OpenSSH
available from the FreeBSD ports tree.

III. Impact

An incorrectly linked sshd(8) child process may deadlock while
handling an incoming connection. The connection may then time out or
be interrupted by the client, leaving the deadlocked sshd(8) child
process behind. Eventually, the sshd(8) parent process stops
accepting new connections.

An attacker may take advantage of this by repeatedly connecting and
then dropping the connection after having begun, but not completed,
the authentication process.

You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump