Date: Fri, 17 Dec 2004 21:34:15 GMT From: Andriy Gapon <avg@icyb.net.ua> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/75204: security/openssh-portable sshd may crash on login of user with expired password Message-ID: <200412172134.iBHLYFiF016008@www.freebsd.org> Resent-Message-ID: <200412172140.iBHLeLtd095020@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 75204 >Category: ports >Synopsis: security/openssh-portable sshd may crash on login of user with expired password >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 17 21:40:21 GMT 2004 >Closed-Date: >Last-Modified: >Originator: Andriy Gapon >Release: 5.2.1-RELEASE-p13 >Organization: >Environment: FreeBSD 5.2.1-RELEASE-p13 i386 openssh-portable-overwrite-base-3.9.0.1,1 built from ports >Description: sshd child process crashes when user with expired password logs in >How-To-Repeat: This problem may not be 100% reproducable since random factors are at play (see fix section): 1. set password expiry field for a user to 1 2. try to login via ssh as that user 3. you are thrown out - sshd crashed >Fix: the problem results from trying to free memory pointed by un-initialized pointer: files/patch-session.c:66 -+ char *newcommand; ++ char *newcommand = NULL; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412172134.iBHLYFiF016008>