reassign 512410 libkrb5-3
# double-free triggered in externally-accessible services is always
# potentially a security issue
severity 512410 serious
tags 512410 security
found 512410 libkrb5-3/1.10.1+dfsg-1
thanks
"Livingston, John A" writes:
> On Jun 6, 2012, at 5:40 PM, Russ Allbery wrote:
>>
Russ,
On Jun 6, 2012, at 5:40 PM, Russ Allbery wrote:
>
> Aha! Do you have the keytab PAM option set either in the PAM
> configuration or in krb5.conf?
>
I don't believe we do, unless it's getting called subtly from something else.
Below is our regular krb5.conf in case it's helpful. Our PAM
"Livingston, John A" writes:
> On Jun 6, 2012, at 4:59 PM, Russ Allbery wrote:
>> Can you try running sshd -d under valgrind and see if it can spot where
>> the memory corruption is happening?
> Below are two valgrind runs (without and with -v, depending on how much
> address spam you'd like to
"Livingston, John A" writes:
> I couldn't (easily) convince sshd to create a core dump, so I just
> started it with gdb attached and then tried a password
> connect. Backtrace is below. Let me know if you want to me to dump out
> anything in particular from any of the frames.
> Program received
Russ,
On Jun 6, 2012, at 3:45 PM, Russ Allbery wrote:
>
> Usually, segfaults in sshd are actually in a PAM module, but they can be
> rather hard to track down. Could you try running sshd on a separate port
> with the -d flag so that you can get a trace on the server of where the
> segfault happ
"Livingston, John A" writes:
> On Jun 4, 2012, at 6:10 PM, Russ Allbery wrote:
>> Are you using libpam-krb5? If so, could you upgrade to the version
>> just uploaded to unstable? The version in testing will segfault if
>> krb5_init_context fails; the version in unstable will instead try to
>> g
Russ,
On Jun 4, 2012, at 6:10 PM, Russ Allbery wrote:
>
> Are you using libpam-krb5? If so, could you upgrade to the version just
> uploaded to unstable? The version in testing will segfault if
> krb5_init_context fails; the version in unstable will instead try to give
> you some sort of error
John Livingston writes:
> We've just started seeing this bug on multiple hosts with the latest
> openssh server in testing. Our systems use Kerberos/LDAP for
> authentication; using a Kerberos ticket SSH functions perfectly, but if
> the user enters a password, sshd will throw a general protectio
Package: openssh-server
Version: 1:5.9p1-5
Followup-For: Bug #512410
We've just started seeing this bug on multiple hosts with the latest
openssh server in testing. Our systems use Kerberos/LDAP for
authentication; using a Kerberos ticket SSH functions perfectly, but if
the user enters a password,
Package: openssh-server
Version: 1:5.1p1-5
Severity: normal
==> /var/log/syslog <==
Jan 20 11:14:36 x2goserver kernel: [12969.745101] sshd[31465]: segfault at
6fd7cbec ip b7af7ea9 sp bfa5b2e4 error 4 in libc-2.7.so[b7a89000+155000]
Jan 20 11:14:40 x2goserver modprobe: WARNING: Not loading blackli
10 matches
Mail list logo
