Bug#349526: openssh-server: sshd crashes with a segfault
Package: openssh-server
Version: 1:4.2p1-5
Severity: grave
Justification: renders package unusable
# MALLOC_CHECK_=0 /usr/sbin/sshd -d
debug1: sshd version OpenSSH_4.2p1 Debian-5
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 160.45.172.180 port 51478
debug1: Client protocol version 2.0; client software version OpenSSH_4.2p1
Debian-5
debug1: match: OpenSSH_4.2p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-5
debug1: permanently_set_uid: 100/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
Segmentation fault
debug1: do_cleanup
debug1: PAM: cleanup
#
Without diabling the MALLOC_CHECK:
# /usr/sbin/sshd -d
debug1: sshd version OpenSSH_4.2p1 Debian-5
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 160.45.172.180 port 51481
debug1: Client protocol version 2.0; client software version OpenSSH_4.2p1 Debian-5
debug1: match: OpenSSH_4.2p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.2p1 Debian-5
debug1: permanently_set_uid: 100/65534
debug1: list_hostkey_types: ssh-rsa,ssh-dss
*** glibc detected *** double free or corruption (!prev): 0x080a1160 ***
Aborted
debug1: do_cleanup
debug1: PAM: cleanup
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages openssh-server depends on:
ii adduser 3.80 Add and remove users and groups
ii debconf [debc 1.4.68 Debian configuration management sy
ii dpkg 1.13.11.1 package maintenance system for Deb
ii libc6 2.3.5-12 GNU C Library: Shared libraries an
ii libcomerr2 1.38+1.39-WIP-2005.12.31-1 common error description library
ii libkrb53 1.4.3-5 MIT Kerberos runtime libraries
ii libpam-module 0.79-3 Pluggable Authentication Modules f
ii libpam-runtim 0.79-3 Runtime support for the PAM librar
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libselinux1 1.28-2 SELinux shared libraries
ii libssl0.9.8 0.9.8a-6 SSL shared libraries
ii libwrap0 7.6.dbs-8 Wietse Venema's TCP wrappers libra
ii openssh-clien 1:4.2p1-5 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-9 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/encrypted_host_key_but_no_keygen:
ssh/disable_cr_auth: false
Reply to: