Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Dec 2004 21:34:15 GMT
From:      Andriy Gapon <avg@icyb.net.ua>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/75204: security/openssh-portable sshd may crash on login of user with expired password
Message-ID:  <200412172134.iBHLYFiF016008@www.freebsd.org>
Resent-Message-ID: <200412172140.iBHLeLtd095020@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         75204
>Category:       ports
>Synopsis:       security/openssh-portable sshd may crash on login of user with expired password
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 17 21:40:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Andriy Gapon
>Release:        5.2.1-RELEASE-p13
>Organization:
>Environment:
FreeBSD 5.2.1-RELEASE-p13 i386
openssh-portable-overwrite-base-3.9.0.1,1 built from ports
>Description:
sshd child process crashes when user with expired password logs in
>How-To-Repeat:
This problem may not be 100% reproducable since random factors are at play (see fix section):
1. set password expiry field for a user to 1
2. try to login via ssh as that user
3. you are thrown out - sshd crashed
>Fix:
the problem results from trying to free memory pointed by un-initialized pointer:
files/patch-session.c:66
-+       char *newcommand;
++       char *newcommand = NULL;
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412172134.iBHLYFiF016008>