Date: Wed, 09 Mar 2016 23:59:00 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp> Cc: "freebsd-security\@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: openssl bug causes sshd crashed on FreeBSD 9.3-RELEASE Message-ID: <86oaanfebv.fsf@desk.des.no> In-Reply-To: <56E017E2.9060305@t.kanazawa-u.ac.jp> (Akihiro HIRANO's message of "Wed, 9 Mar 2016 21:32:34 %2B0900") References: <zarafa.56e001f7.549c.013913261512a216@zarafa.ms.gonicus.de> <56E017E2.9060305@t.kanazawa-u.ac.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp> writes: > Frank M=C3=B6ller <moeller@gonicus.de> writes: > > After updating to FreeBSD 9.3-RELEASE-p37 sshd from the base system > > crashes by signal 11 when I connect to the server with an old ssh > > client (e.g. OpenSSH_4.5p1). Using a newer ssh client versions > > (e.g. OpenSSH_6.6.1p1 from FreeBSD 9.3-RELEASE-p10) the sshd works > > fine. > Hum... I tried OpenSSH_6.6.1p1 client on 9.3-RELEASE-p37 > and OpenSSH_6.4p1 client on 10.0-RELEASE-p18. > Both clients cause sshd on 9.3-RELEASE-p37 crashed by signal 11. It depends on which ciphers you use. If my hunch is correct, the bug is somewhere in the codepath for RSA, so newer versions (which default to ECDSA) will be less likely to trigger it, but it will also depend on the server version and whether the server has an ECDSA host key. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86oaanfebv.fsf>