Public bug reported:

Binary package hint: openssh-server

The ssh init script sets the /proc/$PID/oom_adj value to -17 to avoid
being killed by the OOM killer in low memory situations. Unfortunately
all child processes of sshd inherit this setting.

So any user with ssh access can easily launch a process which
accumulates memory without being killed by the kernel until the system
reaches an out-of-memory kernel panic. This will lead to a denial of
service.

The bug is already reported in the Debian bug tracker at the following
location:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480020

The fix is included in openssh/1:4.7p1-11. Please update Hardy to this
package version.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
hardy: openssh-server oom_adj can lead to denial of service
https://bugs.launchpad.net/bugs/293000
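The inheritance described in the report can be checked on a host with the following added example, which is not part of the original report or of the openssh package: it walks a /proc-style tree and lists every non-sshd process that has oom_adj -17 and an sshd ancestor. The function names and the sample process tree are constructed for illustration.

```bash
#!/bin/bash
# Added example: list processes that inherited oom_adj -17 from sshd (names are illustrative).
# comm_of ROOT PID -> command name from ROOT/PID/stat ("pid (comm) state ppid ...")
comm_of() { sed -e 's/^[0-9]* (\(.*\)) .*/\1/' "$1/$2/stat" 2>/dev/null; }
# ppid_of ROOT PID -> parent PID (matched after the last ")" since comm may contain one)
ppid_of() { sed -e 's/^.*) [A-Za-z] \([0-9]*\) .*/\1/' "$1/$2/stat" 2>/dev/null; }

# descends_from_sshd ROOT PID -> succeeds if any ancestor of PID is named sshd
descends_from_sshd() {
    local root="$1" pid
    pid=$(ppid_of "$root" "$2") || return 1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ]; do
        [ "$(comm_of "$root" "$pid")" = sshd ] && return 0
        pid=$(ppid_of "$root" "$pid") || return 1
    done
    return 1
}

# inherited_oom_adj [ROOT] -> "PID COMM" per non-sshd process with oom_adj -17 under sshd
inherited_oom_adj() {
    local root="${1:-/proc}" dir pid adj comm
    for dir in "$root"/[0-9]*; do
        pid=${dir##*/}
        adj=$(cat "$dir/oom_adj" 2>/dev/null) || continue
        [ "$adj" = "-17" ] || continue
        comm=$(comm_of "$root" "$pid") || continue
        [ "$comm" = sshd ] && continue
        if descends_from_sshd "$root" "$pid"; then echo "$pid $comm"; fi
    done
}

# build_sample_proc DIR -> constructed tree; columns: pid comm ppid oom_adj
build_sample_proc() {
    local pid comm ppid adj
    while read -r pid comm ppid adj; do
        mkdir -p "$1/$pid"
        printf '%s (%s) S %s %s %s 0\n' "$pid" "$comm" "$ppid" "$pid" "$pid" > "$1/$pid/stat"
        printf '%s\n' "$adj" > "$1/$pid/oom_adj"
    done <<'EOF'
1 init 0 0
100 sshd 1 -17
200 sshd 100 -17
201 bash 200 -17
202 hog 201 -17
300 cron 1 0
EOF
}

demo=$(mktemp -d) && build_sample_proc "$demo" && inherited_oom_adj "$demo"; rm -rf "$demo"  # demo run
```

Called with no argument, `inherited_oom_adj` scans the live /proc. Kernels that expose oom_score_adj instead use -1000 as the equivalent "never kill" value.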