Package: ssh Version: 1:3.8.1p1-8.sarge.4 Severity: important I have isolated the problem to running the following script on a machine logged into via ssh:
=== #!/bin/sh # # crashsshd - attempt to crash sshd by making the command line overflow # crashsshd a $* === ssh sacrificialhost $ crashsshd a While the script takes a while to run, it eventually causes sshd to die. The following message was found in the syslog: Dec 1 21:37:40 mpiblaster kernel: DMA per-cpu: Dec 1 21:37:40 mpiblaster kernel: cpu 0 hot: low 2, high 6, batch 1 Dec 1 21:37:40 mpiblaster kernel: cpu 0 cold: low 0, high 2, batch 1 Dec 1 21:37:40 mpiblaster kernel: Normal per-cpu: Dec 1 21:37:40 mpiblaster kernel: cpu 0 hot: low 32, high 96, batch 16 Dec 1 21:37:40 mpiblaster kernel: cpu 0 cold: low 0, high 32, batch 16 Dec 1 21:37:40 mpiblaster kernel: HighMem per-cpu: empty Dec 1 21:37:40 mpiblaster kernel: Dec 1 21:37:40 mpiblaster kernel: Free pages: 4212kB (0kB HighMem) Dec 1 21:37:40 mpiblaster kernel: Active:202202 inactive:1128 dirty:0 writeback:0 unstable:0 free:1053 slab:13703 mapped:203771 pagetables:5905 Dec 1 21:37:40 mpiblaster kernel: DMA free:1900kB min:16kB low:32kB high:48kB active:11128kB inactive:0kB present:16384kB Dec 1 21:37:40 mpiblaster kernel: protections[]: 8 476 476 Dec 1 21:37:40 mpiblaster kernel: Normal free:2312kB min:936kB low:1872kB high:2808kB active:797680kB inactive:4512kB present:901120kB Dec 1 21:37:40 mpiblaster kernel: protections[]: 0 468 468 Dec 1 21:37:40 mpiblaster kernel: HighMem free:0kB min:128kB low:256kB high:384kB active:0kB inactive:0kB present:0kB Dec 1 21:37:40 mpiblaster kernel: protections[]: 0 0 0 Dec 1 21:37:40 mpiblaster kernel: DMA: 1*4kB 1*8kB 0*16kB 1*32kB 1*64kB 0*128kB 1*256kB 1*512kB 1*1024kB 0*2048kB 0*4096kB = 1900kB Dec 1 21:37:40 mpiblaster kernel: Normal: 128*4kB 5*8kB 0*16kB 1*32kB 1*64kB 1*128kB 0*256kB 1*512kB 1*1024kB 0*2048kB 0*4096kB = 2312kB Dec 1 21:37:40 mpiblaster kernel: HighMem: empty Dec 1 21:37:40 mpiblaster kernel: Swap cache: add 0, delete 0, find 0/0, race 0+0 Dec 1 21:37:40 mpiblaster kernel: Out of Memory: Killed process 19833 (sshd). While infinite recursion is certainly a error in the script, it should not cause sshd to die. Because it kills sshd, a malicious user can prevent anyone from logging in via ssh until the daemon is restarted. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-386 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C) Versions of packages ssh depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.30.13 Debian configuration management sy ii dpkg 1.10.28 Package maintenance system for Deb ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam-runtime 0.76-22 Runtime support for the PAM librar ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7e-3sarge1 SSL shared libraries ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- debconf information: ssh/insecure_rshd: ssh/user_environment_tell: ssh/ssh2_keys_merged: * ssh/forward_warning: ssh/insecure_telnetd: ssh/new_config: true * ssh/use_old_init_script: true * ssh/protocol2_only: true ssh/encrypted_host_key_but_no_keygen: * ssh/run_sshd: true * ssh/SUID_client: true ssh/disable_cr_auth: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]