Bug#624425: openssh-server: strange segfaults in logs and posssibility of successfull remote command execution

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#624425: openssh-server: strange segfaults in logs and posssibility of successfull remote command execution
From: "ALbert R. Valiev" <darkstar@altlinux.ru>
Date: Thu, 28 Apr 2011 06:40:53 -0400
Message-id: <[🔎] 20110428104053.13975.29762.reportbug@wz5.semrush.net>
Reply-to: "ALbert R. Valiev" <darkstar@altlinux.ru>, 624425@bugs.debian.org

Package: openssh-server
Version: 1:5.5p1-6
Severity: important



-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                 3.112+nmu2       add and remove users and groups
ii  debconf [debconf-2.0]   1.5.36.1         Debian configuration management sy
ii  dpkg                    1.15.8.10        Debian package management system
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libcomerr2              1.41.12-2        common error description library
ii  libgssapi-krb5-2        1.8.3+dfsg-4     MIT Kerberos runtime libraries - k
ii  libkrb5-3               1.8.3+dfsg-4     MIT Kerberos runtime libraries
ii  libpam-modules          1.1.1-6.1        Pluggable Authentication Modules f
ii  libpam-runtime          1.1.1-6.1        Runtime support for the PAM librar
ii  libpam0g                1.1.1-6.1        Pluggable Authentication Modules l
ii  libselinux1             2.0.96-1         SELinux runtime shared libraries
ii  libssl0.9.8             0.9.8o-4squeeze1 SSL shared libraries
ii  libwrap0                7.6.q-19         Wietse Venema's TCP wrappers libra
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  openssh-blacklist       0.4.1            list of default blacklisted OpenSS
ii  openssh-client          1:5.5p1-6        secure shell (SSH) client, for sec
ii  procps                  1:3.2.8-9        /proc file system utilities
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)
pn  ufw                           <none>     (no description available)

-- debconf information:
  ssh/vulnerable_host_keys:
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false

Apr 28 04:35:31 wz5 kernel: [3883195.806079] sshd[3692]: segfault at 18 ip 0000000000417d29 sp 00007fff7dbcad40 error 4 in sshd[400000+70000

Also SPAM message were sent from root without any authentication attempt logged. Only trace is this segfault logs, which happened right at time when SPAM were sent. Temporary solution is to disable PermitRootLogin, as other account are unknown for remote user.

Reply to:

Prev by Date: Bug#624248: openssh-server: allow %g (group) pattern in ChrootDirectory directive
Previous by thread: Bug#624248: openssh-server: allow %g (group) pattern in ChrootDirectory directive
Index(es):
- Date
- Thread